Re: fingerprint of the archive signing key

On Wed, 2004-06-30 at 09:35, Colin Watson wrote:
> On Tue, Jun 29, 2004 at 10:42:19PM +0100, Andrew Suffield wrote:
> > Once you have physical access to the user workstations, you can take
> > those and work up.
> Only if the key security is incompetent, which is inexcusable for a CA.

Isn't it possible to have the "certificate signing facility" on a
network-disconnected box, to thereby require at minimum physical
access to the box to compromise a (master) certificate?

Or must there be "real time" ability to access the master certificate
keys for [browser] authentication of those master certificates?

Please excuse my relatively high lack of knowledge of public key crypto.


