
Re: PKI Disaster Recovery and Key Rollover

At 04:06 AM 7/11/2007, Peter Gutmann wrote:

  - the CA shall destroy, or withdraw from use, its private keys, as defined
    in clause 7.2.6.

that's never going to happen in the real world because the only asset left to
a CA when it goes out of business is its private key, and the liquidators are
never going to allow the deliberate destruction of corporate assets in this
manner.  More importantly, even if the CA had some policy related to this
while it was still operating, once it's in receivership the policy becomes
void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit
to keyUsage: you can write whatever policy you like for it, but when it comes
to the crunch it's not going to work the way the policy says.

Stepping back a bit to look at this, it seems clear that REAL disaster recovery can only come by ensuring that (so qualified) CAs abide by some kind of "escrowed recovery/continuity arrangement" as a matter of course. Some entity, à la FDIC-for-PKI (not to imply that it be a government entity), needs the power to either revoke the CA root or provide for continuity of operations (magic, yeah...).

As Peter points out, the "keys" are the last bit of leverage the CA retains, and the CA (in general) will have no compunction to abide by any policy at a time when the downside outweighs the benefit.

If the concern is really for the relying parties and overall PKI stability, it makes no sense to demand that the CA take ANY particular action "post-disaster" ("the building may collapse at any moment - for your safety, please walk, do not RUN to the exits"). Rather, CAs that (voluntarily) enter into a verifiable "continuity contract" should be able to tout this fact as a qualification, and let the market decide if this becomes a "selling point" for their services.

Thoughts?   ____tony____



Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900