[cryptography] airgaps in CAs
smb at cs.columbia.edu
Sun Jan 8 21:10:56 EST 2012
On Jan 8, 2012, at 6:29 26AM, Florian Weimer wrote:
> * Eugen Leitl:
>> Is anyone aware of a CA that actually maintains its signing
>> secrets on secured, airgapped machines, with transfers batched and
>> done purely by sneakernet?
> Does airgapping provide significant security benefits these days,
> compared to its costs?
> File systems are generally less robust than network stacks. USB
> auto-detection is somewhat difficult to control on COTS systems. So
> unless you build your own transfer mechanism, a single TCP port
> exposes less code, and code which has received more scrutiny.
While I'm uncertain about your precise conclusion -- I know of no
attempts to write a USB+file system+OS behavior security sanitizer,
so I don't know how easy it is to do -- you're definitely asking
the right question. Security is not a matter of good or evil
technology; it's a matter of picking the best choice from a perspective
of maximizing benefits, minimizing costs and risks, and doing all
of that in a dynamic environment without complete knowledge of even
the current state, let alone the future.
--Steve Bellovin, https://www.cs.columbia.edu/~smb