
RE: RFC 2527 Physical Security Controls Question



Tim,

Let's hope not!  Strong physical defenses on the order of a SCIF might well
represent an appropriate standard of physical security appropriate for a CA.
We are not talking about needing a huge facility here so the costs might in
fact be quite reasonable.  For the intrusion scenario, recall that the CA
key is protected by cryptographic methods as well.  The CA key should also
be protected within a tamper resistant module that would cause the key to
zeroize if attempts were made to open it.  This seems to work well enough
(is an accepted practice) for top secret keying material.  Would it really
be required to waste the CA compound and the intruder to protect theft of an
encrypted key?

Mike Davis
Senior Security Architect
SAIC
Center for Information Security Technology

-----Original Message-----
From: TMetzinger@aol.com [mailto:TMetzinger@aol.com]
Sent: Tuesday, December 14, 1999 5:23 PM
To: ietf-pkix@imc.org
Cc: pki-twg@csmes.ncsl.nist.gov
Subject: Re: RFC 2527 Physical Security Controls Question


John Kennedy and Lynn Wheeler both made excellent points about the potential
need for absolute top-grade physical security in a commercial CA operation.
It all seems to come down (as always) to risk assessment and balancing the
cost of security against its benefits.

In the commercial world, especially in the financial and medical sectors, the
potential liability for a CA operator could be enormous, easily justifying
the cost of physical security measures rivalling that found around weapons of
mass destruction.

This brings up an interesting question though...  For a government, it's very
easy to designate a resource as being sufficiently valuable to authorize the
use of deadly force to protect it - try to get close to a stealth aircraft
sometime. For commercial applications, however, even where billions of
dollars may be at stake, it's harder (if not impossible) to implement that
final line of security.

So for you non-government types, would your CA physical security include
lethal defenses?  Can anyone think of any application for a non-government CA
that would require such defenses?  I'm not talking about just armed guards
here...  I'm talking about defenses that would kill an unauthorized
individual who entered protected space BEFORE they did any damage besides
entering that space.

Timothy M. Metzinger
Technical Director
Drug Enforcement Administration
Office of Information Systems
(202) 307-9884
(888) 385-0705