[cryptography] airgaps in CAs

Arshad Noor arshad.noor at strongauth.com
Thu Dec 8 13:04:05 EST 2011

I am aware of at least one public CA - still in business - that
fits this description.

Every private PKI we have setup since 1999 (more than a dozen, of
which a few were for the largest companies in the world) has had
the Root CA on a non-networked machine with commensurate controls
to protect the CA.

Arshad Noor
StrongAuth, Inc.

On 12/08/2011 06:54 AM, Eugen Leitl wrote:
> Is anyone aware of a CA that actually maintains its signing
> secrets on secured, airgapped machines, with transfers batched and
> done purely by sneakernet?

More information about the cryptography mailing list