[cryptography] airgaps in CAs

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Dec 8 23:16:04 EST 2011


Arshad Noor <arshad.noor at strongauth.com> writes:

>Every private PKI we have set up since 1999 (more than a dozen, of which a few
>were for the largest companies in the world) has had the Root CA on a 
>non-networked machine with commensurate controls to protect the CA.

What about TSAs, where you need a key with an irrevocable cert active on a 
machine directly connected to the Internet?

Peter.



