Re: fingerprint of the archive signing key

To: debian developers <debian-devel@lists.debian.org>
Subject: Re: fingerprint of the archive signing key
From: Zenaan Harkness <zen@freedbms.net>
Date: Wed, 30 Jun 2004 10:19:58 +1000
Message-id: <[🔎] 1088554798.3081.30.camel@zen8100a.freedbms.net>
In-reply-to: <[🔎] 20040629233537.GA25370@riva.ucam.org>
References: <[🔎] 20040629003951.GA14964@cirrus.madduck.net> <[🔎] 20040629005028.GA22050@suffields.me.uk> <[🔎] 20040629013230.GB14609@cirrus.madduck.net> <[🔎] 20040629115722.GA24190@suffields.me.uk> <[🔎] 87pt7izfnc.fsf@alhambra.bioz.unibas.ch> <[🔎] 20040629172848.GA19987@suffields.me.uk> <[🔎] 20040629173407.GD22096@riva.ucam.org> <[🔎] 20040629214219.GA2631@suffields.me.uk> <[🔎] 20040629233537.GA25370@riva.ucam.org>

On Wed, 2004-06-30 at 09:35, Colin Watson wrote:
> On Tue, Jun 29, 2004 at 10:42:19PM +0100, Andrew Suffield wrote:
> > Once you have physical access to the user workstations, you can take
> > those and work up.
> 
> Only if the key security is incompetent, which is inexcusable for a CA.

Isn't it possible to have the "certificate signing facility" on a
network-disconnected box, to thereby require at minimum physical
access to the box to compromize a (master) certificate?

Or must there be "real time" ability to access the master certificate
keys for [browser] authentication of those master certificates?

Please excuse my relatively high lack of knowledge of public key crypto.

tia
zen

Reply to:

Follow-Ups:
- Re: fingerprint of the archive signing key
  - From: Bernd Eckenfels <lists@lina.inka.de>

References:
- fingerprint of the archive signing key
  - From: martin f krafft <madduck@debian.org>
- Re: fingerprint of the archive signing key
  - From: Andrew Suffield <asuffield@debian.org>
- Re: fingerprint of the archive signing key
  - From: martin f krafft <madduck@debian.org>
- Re: fingerprint of the archive signing key
  - From: Andrew Suffield <asuffield@debian.org>
- Re: fingerprint of the archive signing key
  - From: Frank Küster <frank@debian.org>
- Re: fingerprint of the archive signing key
  - From: Andrew Suffield <asuffield@debian.org>
- Re: fingerprint of the archive signing key
  - From: Colin Watson <cjwatson@debian.org>
- Re: fingerprint of the archive signing key
  - From: Andrew Suffield <asuffield@debian.org>
- Re: fingerprint of the archive signing key
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: fingerprint of the archive signing key
Next by Date: Re: fingerprint of the archive signing key
Previous by thread: Re: fingerprint of the archive signing key
Next by thread: Re: fingerprint of the archive signing key
Index(es):
- Date
- Thread