RE: PKI Disaster Recovery and Key Rollover
Peter,

Like the rest of the Policy Framework, 3647 does not specify any policies for this or other points. 3647 is a framework and not a policy or a sample policy.

What I have seen in some of the certificate policies seems to adequately address this.
-----Original Message-----
From: pgut001 [mailto:pgut001@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, July 11, 2007 5:37 AM
To: Santosh Chokhani; denis.pinkas@xxxxxxxx; ietf-pkix@xxxxxxx;
pgut001@xxxxxxxxxxxxxxxxx
Cc: Joel_Kazin@xxxxxxxxxxxxxxxxxx; stefans@xxxxxxxxxxxxx
Subject: RE: PKI Disaster Recovery and Key Rollover
"Santosh Chokhani" <chokhani@xxxxxxxxxxxx> writes:
>The Policy Framework (Informational RFC 3647) has a section on CA and RA Termination.
Do you mean section 4.5.8:

This subcomponent describes requirements relating to procedures for termination and termination notification of a CA or RA, including the identity of the custodian of CA and RA archival records.

This seems to provide about as much utility as Cygnus' corporate drugs policy :-).
>I have seen a number of Certificate Policies drafted that describe
>requirements as to what a CA must do prior to termination of service.
Given the number of CAs whose users I've talked to for which the termination of service consisted of "404 Not Found", I think this is something that needs to be addressed in more detail. In particular since this draft is supposed to cover "PKI Disaster Recovery" and having your CA suddenly vanish is the single biggest possible disaster that can hit a PKI, I think a fair amount of the document should be devoted to this. Where do the CA keys go? Who issues CRLs? (A real-world example there, one national PKI that evaporated suddenly was left with the problem that while the hardware was still in place, there were no staff left who knew how to issue a CRL). Who takes over the defunct CA's role? Who gets the CA's keys? (Again, real-world example, they end up on eBay for sale to the highest bidder). You could easily write a small book on all of this, it really is the single most drastic PKI disaster recovery issue that we have, and probably the most frequently-occurring (CA- rather than EE-related) one.
Peter.
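The "who issues CRLs?" failure mode in the quoted message has a relying-party side: when a CA stops publishing, the last CRL it issued simply ages past its nextUpdate, and a verifier that keeps accepting it has silently lost revocation checking. The script below is an added example, not code from either poster or from any PKIX document; it decodes the thisUpdate and nextUpdate fields of a DER-encoded CRL with a minimal hand-written TLV codec (an assumption, not a full ASN.1 library), builds its own constructed sample CRLs with placeholder signatures (signature verification is deliberately out of scope), and classifies each CRL as fresh, overdue within a configurable grace period, stale, or lacking a nextUpdate at all.

```python
import datetime as dt

# --- minimal DER helpers (assumption: enough for a CRL header, not a general ASN.1 codec) ---

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with definite short or long-form length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def read_tlv(buf: bytes, pos: int):
    """Decode the TLV at buf[pos]; return (tag, content, position after the TLV)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def children(content: bytes):
    """Yield (tag, content) for each TLV directly inside a constructed element."""
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
OID_CN = bytes.fromhex("550403")                       # 2.5.4.3 (commonName)

def utctime(t: dt.datetime) -> bytes:
    return der(0x17, t.strftime("%y%m%d%H%M%SZ").encode("ascii"))

def build_crl(issuer_cn: str, this_update: dt.datetime, next_update) -> bytes:
    """Constructed sample CRL for the demonstration: empty revocation list, placeholder signature."""
    alg = der(0x30, der(0x06, OID_SHA256_RSA) + der(0x05, b""))
    issuer = der(0x30, der(0x31, der(0x30, der(0x06, OID_CN) + der(0x0C, issuer_cn.encode()))))
    tbs_body = der(0x02, b"\x01") + alg + issuer + utctime(this_update)  # version v2
    if next_update is not None:
        tbs_body += utctime(next_update)
    # revokedCertificates is omitted: RFC 5280 requires it to be absent when empty
    sig = der(0x03, b"\x00" * 33)  # placeholder BIT STRING; not a real signature
    return der(0x30, der(0x30, tbs_body) + alg + sig)

def decode_time(tag: int, body: bytes) -> dt.datetime:
    """Decode an X.509 Time (UTCTime or GeneralizedTime, both Zulu)."""
    s = body.decode("ascii")
    if tag == 0x17:  # UTCTime YYMMDDHHMMSSZ; RFC 5280 pivots the century at 1950
        yy = int(s[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy
        return dt.datetime(year, int(s[2:4]), int(s[4:6]), int(s[6:8]), int(s[8:10]), int(s[10:12]))
    if tag == 0x18:  # GeneralizedTime YYYYMMDDHHMMSSZ
        return dt.datetime(int(s[:4]), int(s[4:6]), int(s[6:8]), int(s[8:10]), int(s[10:12]), int(s[12:14]))
    raise ValueError("unexpected Time tag %#x" % tag)

def issuer_common_name(name: bytes):
    """Pull the commonName out of a DER Name (SEQUENCE OF SET OF AttributeTypeAndValue)."""
    for _, rdn_set in children(name):
        for _, atv in children(rdn_set):
            parts = list(children(atv))
            if parts[0][1] == OID_CN:
                return parts[1][1].decode("utf-8")
    return None

def parse_crl(crl: bytes):
    """Return (issuer CN, thisUpdate, nextUpdate-or-None) from a DER CertificateList."""
    _, outer, _ = read_tlv(crl, 0)
    _, tbs, _ = read_tlv(outer, 0)        # tbsCertList is the first element
    items = list(children(tbs))
    i = 1 if items[0][0] == 0x02 else 0   # optional version INTEGER
    issuer = issuer_common_name(items[i + 1][1])
    this_update = decode_time(*items[i + 2])
    next_update = None
    if i + 3 < len(items) and items[i + 3][0] in (0x17, 0x18):
        next_update = decode_time(*items[i + 3])
    return issuer, this_update, next_update

def crl_status(crl: bytes, now: dt.datetime, grace: dt.timedelta = dt.timedelta(0)) -> str:
    """Classify a CRL's freshness; anything but 'fresh' should make a verifier fail closed."""
    _, this_update, next_update = parse_crl(crl)
    if this_update > now:
        return "not-yet-valid"
    if next_update is None:
        return "no-next-update"   # no way to tell whether the issuer is still publishing
    if now > next_update + grace:
        return "stale"            # the CA has gone quiet past the tolerated window
    if now > next_update:
        return "overdue-within-grace"
    return "fresh"

if __name__ == "__main__":
    now = dt.datetime(2007, 7, 11, 5, 37)
    day = dt.timedelta(days=1)
    for label, crl in [("fresh", build_crl("Example CA", now - day, now + 6 * day)),
                       ("stale", build_crl("Example CA", now - 30 * day, now - 23 * day)),
                       ("no nextUpdate", build_crl("Example CA", now - day, None))]:
        print(label, "->", crl_status(crl, now, grace=dt.timedelta(days=3)))
```

The grace period is the one policy knob a relying party actually controls here: it bounds how long a CA may stop issuing CRLs before its certificates stop validating, which is exactly the window in which a vanished CA's unrevoked certificates remain trusted.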