I would think it would be nice if "CAL" had a way of saying "these are the ones to be revoked" so no shutdown, just propagate the bad one - but I'm talking to daniel offline about it.. * Nick Bender <nbender_at_gmail.com> [2006-11-16 13:23]: > >+SECURITY IMPLICATIONS > >+ > >+The CA, specifically the holder of the CA private key (and its password, > >if it > >+is password encrypted), holds broad control over hosts and user accounts > >set > >+up in this way. Should the CA private key become compromised, all user > >+accounts become compromised. > >+ > >+There is no way to revoke a certificate once it has been published, the > >+certificate is valid until it reaches the expiry date set by the CA. > >+ > > After spending a good part of a night locking down a network when an > admin "left" this leaves me feeling cold. > > I think the addition of CAL gives you at least a prayer of addressing > this in a timely manner. In the event that you need to reauthorize > from the top: > > 1. Shutdown your CAL servers. > 2. Generate and distribute new CA cert. > 3. Generate and distribute new host certs. > 4. Startup CAL servers. > 5. Generate and distribute new user certs. > > Did I miss anything? > > The vulnerability window is now time from compromise to time of shutdown > of CAL servers. > > Note that there is one other time where the same procedure is required > but without the time pressure - at CA cert expiry time. > > I think the procedure should at least be included in the documentation > if not supported in some way by software... > > -N > -- #!/usr/bin/perl if ((not 0 && not 1) != (! 0 && ! 1)) { print "Larry and Tom must smoke some really primo stuff...\n"; }Received on Thu Nov 16 2006 - 19:49:24 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:02 UTC