Re: Private Key Cloning

["David P. Kemp" <dpkemp@xxxxxxxxxxxxxxxxxxxxxxxx>]

> From: Paul Koning <pkoning@xedia.com>
> Date: Mon, 19 Jun 2000 10:48:17 -0400 (EDT)
> To: FRousseau@chrysalis-its.com
> Cc: brauckmann@trustcenter.de, ietf-pkix@imc.org
> Subject: Re: Private Key Cloning
> 
> >>>>> "FRousseau" == FRousseau  <FRousseau@chrysalis-its.com> writes:
> 
>  FRousseau> Juergen, If a private key generated within a hardware
>  FRousseau> cryptographic module is securely wrapped within that same
>  FRousseau> module, is then exported to another similar hardware
>  FRousseau> cryptographic module through an authenticated key exchange
>  FRousseau> where it is unwrapped and both of these private keys are
>  FRousseau> then used to perform electronic signatures in a load
>  FRousseau> balancing situation (e.g. OCSP or TSA server), do you mean
>  FRousseau> this would not be legal in Germany?
> 
> How would you guarantee that there's no man in the middle?  The only
> way would be to have a prior out of band secure setup of
> authenticating data, such as a shared secret or public keys used for
> this key exchange process.  While the user of such a device can ensure
> that this is done right, the manufacturer of the devices cannot.
> 
> It doesn't surprise me at all to see devices that don't allow this.
> It makes good security sense to omit such a capability.
> 
>    paul


And it doesn't seem to present insurmountable obstacles to load
balancing ... why shouldn't each server have its own signature key?
Is there a reason not to use N certificates with identical
distinguished names and different public keys?