From: David Prall (dcp@dcptech.com)
Date: Thu Dec 14 2006 - 10:18:00 ART
I don't work for an Authority, but here is what I have gathered.
Typically what happens is that the root CA server is configured and built,
some sub servers are built keyed off the root. The root is then taken off
the network and locked in a safe. The chance of the root key being stolen is
minimized greatly in this manner.
David
-- David C Prall dcp@dcptech.com http://dcp.dcptech.com> -----Original Message----- > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On > Behalf Of johngibson1541@yahoo.com > Sent: Thursday, December 14, 2006 2:12 AM > To: ccielab@groupstudy.com > Subject: If a CA's private key is stolen, everything is cracked ? > > Am I thinking straight ? > > For example, if Verisign's private key is stolen, the entire verisign > server have to shutdown (or be suspended until its > certificate expires) ? > > Isn't that very dangerous? Any engineer of verisign could > steal that private key, > right? Core dump. > > John > > ______________________________________________________________ > _________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:38 ART