[Noisebridge-discuss] TPM

Jacob Appelbaum jacob at appelbaum.net
Wed Jul 22 18:54:09 UTC 2009


Rodney Thayer wrote:
> CACert is questionable too.  Why not just spin your own root and put
> it on an offline box?
> 

I know a few of the people behind CACert. They have a lot at stake as
far as a CA goes. They're not doing it for money. While I find their
model interesting, it doesn't put into question their usefulness as a CA.

Spinning our own root requires an immense amount of trust in Dr. Jesus
unless no one installs the CA root. If no one uses the root in their
browsers or other programs, it's almost pointless to have it. Arguably,
one could have a browser where only the Noisebridge CA is valid and yes,
that one can be attacked by Dr. Jesus or anyone else with the CA root. I
admit that this has its uses if done in a pretty reasonable way....

Perhaps this is a call for how to make a secure CA root for Noisebridge?

> and by the way, I believe a TPM wouldn't help.  You want a machine with 
> an HSM if you want the key to be protected.

Agreed. Though even an SSL-capable HSM has issues with this model. The
CA key needs a backup and short of Shamir's secret sharing model, I
guess we'll still need to trust the creator of the CA...

Best,
Jake
