TriNetre - Archive for November 18, 2004
(no longer updated)
CACert has a page on how it protects its root key:
Currently there are 2 main servers, one for the webserver, one for the root store, with the root store only connected to the webserver via a serial cable, with a daemon running as a non-root process on each end of the serial link listening for/sending requests/info.
If the root store detects a bad request it assumes the webserver is compromised and shuts itself down. If the root store doesn't receive a 'ping' reply over the serial link within a determined amount of time it assumes the webserver is compromised or the root store itself has been stolen, and shuts itself down.
Apart from the boot stuff, all data resides on an encrypted partition on the root store server, and only manual intervention in the boot-up process by entering the password will start it again.
While this looks like very good protection, it is still penetrable. For example, an insider job can never be ruled out. A good way to prevent such an attack, and attacks on compromised servers in general, is to distribute your root key among several servers and have those servers serve each request independently. This is exactly what threshold cryptographic primitives can do. Threshold cryptography differs from Shamir's (t, n) threshold scheme in that in Shamir's scheme, even though the key shares are generated and stored separately, they have to be assembled at one single trusted place before the key can be used. Threshold crypto primitives overcome that limitation too.
I think it would be a great idea to try and run the CACert root server on a threshold crypto system. What is even more interesting is that people have already demonstrated systems that work on such a scheme. The ITTC project at Stanford has already developed a set of APIs that can be used to build a Certificate Authority (CA) as well as an SSL-based web server using these primitives.
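To make the difference between the two approaches concrete, here is an added toy example (written for this page; it is not CACert's code, nor the ITTC library's API). It splits one RSA private exponent d with Shamir's scheme and then signs two ways: the Shamir path, which must interpolate d back together on a single machine before it can sign, and a threshold-RSA path that follows the structure of Shoup's scheme, where each server raises the hashed message to its own share and a combiner, holding no secret, merges the partial signatures into an ordinary RSA signature without d ever being reassembled. The modulus, exponents and share count are deliberately tiny so the arithmetic is readable and are assumed values with no security; Shoup's share-correctness proofs are omitted, and the modular inverse relies on Python 3.8+ `pow(x, -1, n)`.

```python
"""Toy threshold RSA (Shoup-style combination, no verification proofs) next to
plain Shamir sharing of the same RSA private exponent. Parameters are NOT secure."""
import hashlib
import math
import random

# Toy RSA modulus from safe primes p = 2p'+1, q = 2q'+1 (constructed values)
P, Q = 23, 47
N = P * Q                              # 1081
M = ((P - 1) // 2) * ((Q - 1) // 2)    # p'q' = 253: order of the squares in Z_N*
E = 7                                  # public exponent: prime, > N_SERVERS, coprime to M
D = pow(E, -1, M)                      # private exponent (217); only the dealer sees it

N_SERVERS, THRESHOLD = 5, 3            # any 3 of 5 servers can sign
DELTA = math.factorial(N_SERVERS)      # Shoup's Delta = n!, makes Lagrange weights integers


def deal_shares(secret, k, n, modulus, rng):
    """Shamir split: random degree-(k-1) polynomial with f(0)=secret over Z_modulus."""
    coeffs = [secret] + [rng.randrange(modulus) for _ in range(k - 1)]
    return {i: sum(c * pow(i, j, modulus) for j, c in enumerate(coeffs)) % modulus
            for i in range(1, n + 1)}


def shamir_reconstruct(shares, modulus):
    """Plain Shamir: interpolate at 0, which puts the whole secret in one place."""
    total = 0
    for j, s_j in shares.items():
        num, den = 1, 1
        for i in shares:
            if i != j:
                num = num * (-i) % modulus
                den = den * (j - i) % modulus
        total = (total + s_j * num * pow(den, -1, modulus)) % modulus
    return total


def ext_gcd(a, b):
    """Extended Euclid: (g, u, v) with u*a + v*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, u, v = ext_gcd(b, a % b)
    return g, v, u - (a // b) * v


def partial_sign(x, share):
    """Runs on ONE server: x_i = x^(2*Delta*s_i) mod N. The share never leaves it."""
    return pow(x, 2 * DELTA * share, N)


def lagrange_int(j, subset):
    """Integer Lagrange weight lambda_{0,j} = Delta * prod (0-i)/(j-i), i in subset."""
    num, den = 1, 1
    for i in subset:
        if i != j:
            num *= -i
            den *= j - i
    return DELTA * num // den          # exact: den divides Delta


def combine(partials, x):
    """Combiner (holds no secret): merge k partial signatures into x^d mod N."""
    subset = sorted(partials)
    w = 1
    for j in subset:
        w = w * pow(partials[j], 2 * lagrange_int(j, subset), N) % N  # w = x^(4*Delta^2*d)
    e_prime = 4 * DELTA * DELTA        # so w^E == x^e_prime
    g, a, b = ext_gcd(e_prime, E)      # a*e_prime + b*E = 1
    assert g == 1
    return pow(w, a, N) * pow(x, b, N) % N   # y^E == x, i.e. y == x^d mod N


def threshold_sign(shares, x, subset):
    """Drive the whole threshold path for a chosen subset of servers."""
    return combine({i: partial_sign(x, shares[i]) for i in subset}, x)


def hash_to_zn(msg):
    """Toy hash-to-Z_N*: sha256 reduced mod N, nudged until coprime with N."""
    x = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    while x < 2 or math.gcd(x, N) != 1:
        x += 1
    return x


def demo(msg=b"constructed test message", seed=2004):
    rng = random.Random(seed)          # seeded only so the toy is reproducible
    shares = deal_shares(D, THRESHOLD, N_SERVERS, M, rng)
    x = hash_to_zn(msg)
    sig = threshold_sign(shares, x, (1, 3, 5))          # d never reassembled
    rebuilt_d = shamir_reconstruct({i: shares[i] for i in (2, 4, 5)}, M)  # d exposed here
    return {"shares": shares, "x": x, "sig": sig, "rebuilt_d": rebuilt_d,
            "valid": pow(sig, E, N) == x}


if __name__ == "__main__":
    r = demo()
    print("threshold signature valid:", r["valid"])
    print("Shamir reconstruction equals d:", r["rebuilt_d"] == D)
```

Any three of the five shares produce the same signature, and a compromised combiner or webserver learns only partial signatures, never a share; in the Shamir path the host that runs the interpolation holds d in the clear for as long as it signs, which is the single point an insider could target.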
My suggestion on this matter to the devel mailing list at CACert has so far gone unanswered.
