[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Private Key Cloning (TSA keys)
At 16:08 21.06.00 +1000, Simon McMahon wrote:
>> ... But the argument has started as a result of the fact
>> that some legislations, namely German Digital Signature Law, prohibit key
>> cloning. So we've been discussing just one of the possible solutions to
>get
>> around the restrictions of the law.
>>
>Is that the SigG / SigV German signature law ?
>I thought that was more for personal private keys where authentication data
>(e.g. the PIN) is provided for EVERY signature generated by the private key
>as well as "no copying the private key". Surely that is not relevant to TSA
>servers where no one is there to enter a PIN.
Funnily it is relevant. CAs that want to operate according to SigG/SigV
have to offer a timestamping service. This is a requirement of the law.
They have to sign the timestamps with signatures that comply with that law.
The current SigG does not recognize the necessity to have server
keys/certificate, and so all restrictions to personal private keys apply to
CA/TSA operating keys. With some tricks (mostly not technical) we can get
around entering a PIN for every timestamp issued, but the "no copying a
private key" issue still applies.
>Yes, its a question of whether it is within the law, and within which
>relevant law. The german signature law that I have indirectly worked with
>was very specific but in my opinion not relevant to private keys used by
>unattended servers.
As all servers that want to operate according to the German Digital
Signature Law must issue signatures that comply with this law, it is
relevant.
We hope that a revision of the law will contain a notion of "server
keys/certificates", so that all the things that are not appliable for
CAs/TSAs will disappear... .
Regards,
Juergen
--
Juergen Brauckmann Tel.: 040 / 8080 26 311
TC TrustCenter GmbH Fax.: 040 / 8080 26 126
Sonninstraße 24-28 mailto:brauckmann@trustcenter.de
20097 Hamburg http://www.trustcenter.de