Re: PKI root signing ceremony, etc.

2003-12-23 Thread Dan Geer
One approach to securing infrequent signing or working keys from a corporate master certificate is to store the certificate in a bank safe deposit box. The certificate generation software (say on a self booting CD or perhaps an entire laptop) could be stored in the safe dep

Re: PKI root signing ceremony, etc.

2003-12-22 Thread Arnold G. Reinhold
One approach to securing infrequent signing or working keys from a corporate master certificate is to store the certificate in a bank safe deposit box. The certificate generation software (say on a self booting CD or perhaps an entire laptop) could be stored in the safe deposit box as well. The

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Anton Stiglic
> Some folks here might be interested in > http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html > which walks through a secure, auditable root keygen and signing ceremony. We had something similar going on at Zeroknowledge Systems for the PKI of the Freedom servers. But the password that pr

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Dave Howe
Peter Gutmann wrote: > "Dave Howe" <[EMAIL PROTECTED]> writes: >> Key management and auditing is pretty much external to the actual >> software regardless of which solution you use I would have thought. > > Not necessarily. I looked at this in an ACSAC'2000 paper (available > from http://www.acsac

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Peter Gutmann
"Dave Howe" <[EMAIL PROTECTED]> writes: >Key management and auditing is pretty much external to the actual software >regardless of which solution you use I would have thought. Not necessarily. I looked at this in an ACSAC'2000 paper (available from http://www.acsac.org/2000/abstracts/18.html).

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Rich Salz
> *shrug* it doesn't retroactively enforce the safety net - but that's ok, > most MS products don't either :) The whole point is to enhance common practice, not stay at the lowest common denominator. > Key management and auditing is pretty much external to the actual software > regardless of whic

Re: PKI root signing ceremony, etc.

2003-12-14 Thread Dave Howe
Rich Salz wrote: >> These days there is a very nice oss/free gui tool which makes the >> whole process a whole lot easier - check out: >> http://sourceforge.net/projects/xca > It's nice to have a GUI, but seeing phrases like >For building the chains the CA flag is disregarded ... > doesn't make

Re: PKI root signing ceremony, etc.

2003-12-14 Thread Rich Salz
> These days there is a very nice oss/free gui tool which makes the whole > process a whole lot easier - check out: > http://sourceforge.net/projects/xca It's nice to have a GUI, but seeing phrases like For building the chains the CA flag is disregarded ... doesn't make me feel very comfortable

Re: PKI root signing ceremony, etc.

2003-12-14 Thread Dave Howe
Rich Salz wrote: > Some folks here might be interested in >http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html > which walks through a secure, auditable root keygen and signing > ceremony. The context is using OpenSSL to build a PKI so that we can > write an XKMS server, building up to sec

PKI root signing ceremony, etc.

2003-12-14 Thread Rich Salz
Some folks here might be interested in http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html which walks through a secure, auditable root keygen and signing ceremony. The context is using OpenSSL to build a PKI so that we can write an XKMS server, building up to secure Web Services messages u