Re: SSL for debian.org/security?
On 11/12/2013 01:58 PM, Henrik Ahlgren wrote:
> On Tue, Nov 12, 2013 at 01:15:38PM -0500, Hans-Christoph Steiner wrote:
>> Having the key generated on the card is the most secure, since those cards are
>> designed so you can't read the secret key off of the card. So the cost of
>> putting a new certificate on the card is only someone's time for generating
>> and uploading and new key to it.
>
> But there is the significant downside that it is not possible to
> backup the key, so if the card gets destroyed in a fire or just fails
> and stops working, the key needs to be revoked, since only one
> physical copy of the private key exists. (Which also means that only
> one machine can sign with the key.)
>
> So for widely used keys it might be better to create the keypair in a
> trusted (airgapped from any network and diskless) machine running
> something like Debian Live or Tails, and in addition to uploading it
> to the smart card, make few backup copies to offline media (e.g. USB
> sticks) to be stored in a safe location.
That is also a good point. The process needs to be designed to work in each
situation.
Having a single copy of a private key is not always a disadvantage, but it can
provide some interesting, unique advantages. If you look at the example of
Lavabit, he was ordered by the government to turn over a copy of his secret
key. If that key was generated on a smartcard, then it would not be possible
for him to give a copy of the key to someone else.
Having a key that is only on a single smartcard would make that key impervious
to secret orders. Sure, a government could take that key by secret order, but
then the debian server would have to use a new one, so the action would not be
a secret.
.hc
Reply to: