- security News Forums
- > Loss of data has serious consequences fo...
- > Until the CRL expires...
Posting 
Until the CRL expires... 14 July 2009 22:13
"The test system can keep on running as long as no new cards need to
be issued."
Hopefully they had a nice long validity period on their root's CRL.
Without a backup of the private key, they will have a tough time
signing a new one...
Distributed root CA servers... now that would be interesting to see
how that would be a benefit - you can't tell me they are issuing
these cards straight from the root CA. There still would be no
redundancy for the private key housed in the HSM. Or has this Thomas
Maus guy developed a distributed HSM? Okay that might be cool, but I
can't say I would necessarily trust it. What about clustering? Or
at least just good ol' fashioned off-site backups. You don't need
anything fancy for the root for high availability, even for this type
of setup, as long as you run things correctly - all you need is just
a bunch of extra security and process management.
As far as the user's key - okay, so I don't know everything about
this project but you can't tell me that only the patient is going to
be able to decrypt their file and there will not be a recovery agent
of some kind (although if they didn't back up the root private key,
maybe they don't!). Also, the electronic health professionals card
(or something similar to it) should be able to be used by authorized
people to recover somehow if needed. If they are just doing signing
certs and not encryption - big deal, just update the access list to
include the new signing cert.
- Threaded View
- Flat View
