From: Joachim A. <ac...@as...> - 2011-03-09 21:04:40
Massimiliano Pala writes:
> I know that the documentation has to be improved for the OCSP server
> and the LibPKI. I only have 24hrs a day.. and that's not enough for
> all I have to do! Anyhow, thanks for the feedback about encrypted
> key, I will look into that.

An OT question to the community: What is the best-practice paranoia level for an OCSP SSL certificate?

level 1: private key on hard disk, which is unlocked by config file
level 2: private key on hard disk, which has to be unlocked by password
level 3: private key on HSM, which is unlocked by config file
level 4: private key on HSM, which has to be unlocked by PIN password

From a security point of view, level 4 would be best, but from the operating point of view (mainly concerning availability from boot time, and time-to-repair after system failure) level 1 would be more appropriate. Level 1 would be best.

What's your basic security level? How strong is the impact of an intruder who hijacks root access, grabs the OCSP SSL private+public key together with its password from the hard disk, keeps undetected, and uses this knowledge to make a man-in-the-middle attack (e.g. ARP poisoning between OCSP server and end-user setups) just to send false OCSP answers? With an HSM key this case isn't possible, because the OCSP certificate is bound to the hardware and could only be physically stolen (which would be recognized immediately or wouldn't be possible in a high-security environment).

We have high-security setups which use level 4, but the operating processes (the PIN password mustn't be spread, but has to be available while staff is ill + on holidays). The OpenXPKI project is working with encrypted containers, which contain the PIN in an encrypted way, and operators only know their personified unlocking PIN, which unlocks the real PIN on the application layer but doesn't make the real PIN transparent anyway. That's quite tricky and I like this compromise concerning availability.

Just my $0,02.

Greetings
-Achim