From: Jaime H. <hab...@gm...> - 2018-11-01 20:13:46
Hi Manuel,

CT Logs would fulfill the requirement to monitor certificate issuance but not certificate revocation history as well. For example, if a CA revoked a certificate in the past and needs to prove to third parties (e.g. government) the exact time and details of that revocation event, if the update for revocation to its own CertificateData table would be protected with the Database Integrity Protection mechanism using a blockchain transaction, the CA could verify the details of this event to the requesting third parties.

On Fri, Oct 26, 2018 at 12:33 AM Manuel Dejonghe <ma...@de...> wrote:

> Hi,
> I think CT Logs fulfill pretty exactly those requirements, and they do store their info in Merkle Trees, so you're pretty close here.
>
> cheers,
> Manuel
>
> On Thu, 25 Oct 2018 at 19:32, Jaime Hablutzel <hab...@gm...> wrote:
> >
> > Just a quick idea right now, but, what do you think of protecting EJBCA records with blockchain transactions? This way, records in EJBCA would be verifiable with a distributed ledger and this could help to prove the authenticity of certain data even to third parties (e.g. government), for example, the exact time when a certificate got revoked in the past.
> >
> > I think that this could be implemented just as a new protection version for Database Integrity Protection (https://www.ejbca.org/docs/EJBCA_Security.html#src-23855405_id-.EJBCASecurityv6.15.0-DatabaseIntegrityProtection).
> >
> > What do you think?
> >
> > --
> > Jaime Hablutzel - RPC 994690880
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop

--
Jaime Hablutzel - RPC 994690880