
Re: fingerprint of the archive signing key

On Wed, Jun 30, 2004 at 10:19:58AM +1000, Zenaan Harkness wrote:
> Isn't it possible to have the "certificate signing facility" on a
> network-disconnected box, to thereby require at minimum physical
> access to the box to compromise a (master) certificate?

No matter how you store it, it is used to sign, so you can use it for it.
CA root keys are normally protected from reading, but of course not from
authorized usage. The RA is normally the point where you attack the PKI most
easily (remember the MS/Verisign joke).

  (OO)      -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. )      ecki@{inka.de,linux.de,debian.org}  http://www.eckes.org/
  o--o     1024D/E383CD7E  eckes@IRCNet  v:+497211603874  f:+497211606754
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
