RE: PKI Disaster Recovery and Key Rollover
Peter,
The Policy Framework (Informational RFC 3647) has a section on CA and RA
Termination. I have seen a number of Certificate Policies drafted that
describe requirements as to what a CA must do prior to termination of
service.
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Peter Gutmann
Sent: Wednesday, July 11, 2007 2:47 AM
To: denis.pinkas@xxxxxxxx; ietf-pkix@xxxxxxx
Cc: Joel_Kazin@xxxxxxxxxxxxxxxxxx; stefans@xxxxxxxxxxxxx
Subject: Re: PKI Disaster Recovery and Key Rollover
"Denis Pinkas" <denis.pinkas@xxxxxxxx> writes:
>This document presents a framework to assist the writers of policy or
>practice statements and the designers of a Public Key Infrastructure to
>prepare disaster recovery plans in case of a private key-compromise or a
>private key-loss. This may happen to end-entity keys, Certification
>Authorities, Revocation Authorities, Attribute Authorities, or Time-Stamping
>Authorities. Since certificates have finite validity, CA key-rollover should
>be planned in advance.
Should it also cover the far more serious problem of the CA going out of
business? I've talked to users of a number of CAs that have failed and the
effect has been pretty chaotic on relying parties and users: one day the CA
just isn't there any more, and everything stops working. This seems to be by
far the most serious real-world-impact CA issue that I've encountered, but
it's not even considered in any PKI documentation that I know of.
Peter.