Re: Private Key Cloning
Hi,
>Juergen,
>
>If a private key generated within a hardware cryptographic module is securely wrapped within that same module, is then exported to another similar hardware cryptographic module through an authenticated key exchange where it is unwrapped and both of these private keys are then used to perform electronic signatures in a load balancing situation (e.g. OCSP or TSA server), do you mean this would not be legal in Germany?
Why don't you want to use two (or more) different key-pairs for different / fallback servers? For every key a similar certificate can be issued. This should not be a problem except for root certificates. For TSA or OCSP servers key cloning seems not to be necessary from my point of view.
Regards
Volker Hammer.
--------------------------------------------------------
Dr.-Ing. Volker Hammer
Security Consultant
Secorvo Security Consulting GmbH
Albert-Nestler-Strasse 9, D-76131 Karlsruhe
Tel. +49 721 6105-458, Fax +49 721 6105-455
E-Mail hammer@secorvo.de, http://www.secorvo.de
--------------------------------------------------------
PGP-Fingerprint 3C9C AD64 AC6B 64CC FA6B AE8D 2A5D 462D