[cryptography] airgaps in CAs
fw at deneb.enyo.de
Sun Jan 8 06:29:26 EST 2012
* Eugen Leitl:
> Is anyone aware of a CA that actually maintains its signing
> secrets on secured, airgapped machines, with transfers batched and
> done purely by sneakernet?
Does airgapping provide significant security benefits these days,
compared to its costs?
File systems are generally less robust than network stacks. USB
auto-detection is somewhat difficult to control on COTS systems. So
unless you build your own transfer mechanism, a single TCP port
exposes less code, and code which has received more scrutiny.
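The reply's point, that a sneakernet transfer should not rely on a general-purpose filesystem and USB auto-detection but on a deliberately tiny, strictly checked mechanism, can be made concrete. The following is an added example, not code from the list post or from any CA: a minimal batch container for signing requests that the online side writes raw to the medium and the airgapped signer parses with a few dozen lines of fixed-format code, rejecting anything that does not match exactly. The magic value, version, size caps and the shared HMAC key are all assumptions chosen for the example.

```python
import hashlib
import hmac
import struct

# Hypothetical container format (all constants are assumptions for this example):
#   header:  8-byte magic | u32 version | u32 entry count   (big-endian)
#   body:    count * ( u32 length | entry bytes )
#   trailer: 32-byte HMAC-SHA256 over header + body
MAGIC = b"CABATCH1"
VERSION = 1
MAX_ENTRIES = 1024            # hard caps so a corrupt length field cannot
MAX_ENTRY_LEN = 64 * 1024     # drive large allocations or long loops
HEADER = struct.Struct(">8sII")
LEN = struct.Struct(">I")
TAG_LEN = 32

# Constructed key for the example; in practice this would be provisioned
# out of band on both sides of the air gap.
TRANSFER_KEY = b"example-transfer-key-not-for-production"


class BatchError(ValueError):
    """Any deviation from the expected layout is a hard failure."""


def encode_batch(entries, key=TRANSFER_KEY):
    """Serialise a list of opaque request blobs (e.g. DER CSRs) into one container."""
    if len(entries) > MAX_ENTRIES:
        raise BatchError("too many entries")
    body = bytearray(HEADER.pack(MAGIC, VERSION, len(entries)))
    for e in entries:
        if len(e) > MAX_ENTRY_LEN:
            raise BatchError("entry too large")
        body += LEN.pack(len(e)) + e
    body += hmac.new(key, bytes(body), hashlib.sha256).digest()
    return bytes(body)


def decode_batch(blob, key=TRANSFER_KEY):
    """Parse a container read raw from the medium; authenticate before interpreting."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise BatchError("blob too short")
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise BatchError("authentication failed")
    magic, version, count = HEADER.unpack_from(payload, 0)
    if magic != MAGIC or version != VERSION:
        raise BatchError("bad header")
    if count > MAX_ENTRIES:
        raise BatchError("entry count too large")
    off = HEADER.size
    entries = []
    for _ in range(count):
        if off + LEN.size > len(payload):
            raise BatchError("truncated length field")
        (n,) = LEN.unpack_from(payload, off)
        off += LEN.size
        if n > MAX_ENTRY_LEN or off + n > len(payload):
            raise BatchError("truncated entry")
        entries.append(payload[off:off + n])
        off += n
    if off != len(payload):
        raise BatchError("trailing bytes after last entry")
    return entries


if __name__ == "__main__":
    # Constructed sample input: two opaque request blobs.
    sample = [b"\x30\x82\x01\x00request-one", b"request-two"]
    container = encode_batch(sample)
    assert decode_batch(container) == sample
    print("round trip ok, %d bytes" % len(container))
```

The container is meant to be written and read as a raw block image (for example with dd to the whole device) so that neither machine mounts a filesystem or parses a partition table, which is the code the post considers less robust than a single TCP service. Every length is bounded before it is used, the MAC is checked before any field is interpreted, and any leftover bytes cause rejection rather than being ignored, so the parser has no lenient paths for malformed media to exercise.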