> +SECURITY IMPLICATIONS > + > +The CA, specifically the holder of the CA private key (and its password, if it > +is password encrypted), holds broad control over hosts and user accounts set > +up in this way. Should the CA private key become compromised, all user > +accounts become compromised. > + > +There is no way to revoke a certificate once it has been published, the > +certificate is valid until it reaches the expiry date set by the CA. > + After spending a good part of a night locking down a network when an admin "left" this leaves me feeling cold. I think the addition of CAL gives you at least a prayer of addressing this in a timely manner. In the event that you need to reauthorize from the top: 1. Shutdown your CAL servers. 2. Generate and distribute new CA cert. 3. Generate and distribute new host certs. 4. Startup CAL servers. 5. Generate and distribute new user certs. Did I miss anything? The vulnerability window is now time from compromise to time of shutdown of CAL servers. Note that there is one other time where the same procedure is required but without the time pressure - at CA cert expiry time. I think the procedure should at least be included in the documentation if not supported in some way by software... -NReceived on Thu Nov 16 2006 - 19:13:58 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:02 UTC