Re: PKI Disaster Recovery and Key Rollover
"Denis Pinkas" <denis.pinkas@xxxxxxxx> writes:
>Here is an extract from ETSI TS 101 456:
Hmm, OK, what I was looking for was more of a list of issues from the
user/EE/relying-party point of view, things that they have to consider when
dealing with a CA. To take one oft-quoted case:
- the CA shall destroy, or withdraw from use, its private keys, as defined
in clause 7.2.6.
that's never going to happen in the real world because the only asset left to
a CA when it goes out of business is its private key, and the liquidators are
never going to allow the deliberate destruction of corporate assets in this
manner. More importantly, even if the CA had some policy related to this
while it was still operating, once it's in receivership the policy becomes
void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit
to keyUsage: you can write whatever policy you like for it, but when it comes
to the crunch it's not going to work the way the policy says.
So what I was looking for, if the document is looking at PKI-related disaster
recovery, is advice to users on what to do when their CA vanishes, all support
and services stop overnight (with no continuity or responsibility), and the
liquidators sell the private key on eBay.
Peter.