[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Private Key replacement

With reference to:   draft-ieft-spki-cert-theory-01.txt  

The protection of the private key is correctely stressed in  3.2.1 but the
all specification derives from the assumption that "all private keys are
kept private and bound tightly to the one keyholder to which they belong".

If the cybersapce is going to become crowded it will certainly happen that
sometimes also private keys are compromised.

 Possibly SPKI is the right place where one can take some precaution. 

I found interesting the proposal included in SET (see "Secure Electtronic
Transaction Specification - Book 1 Business specification 3.3):

When one issues the  public/private keys he will generate also a "recovery
key" (private and public keys).

The recovery key can be kept in a safe "place" (a floppy in the
strongsafe),  since they are not actually in use.

A secure hash of the public-recovery key  will then go with all apparences
of the "active" public key.

When the  actual private key is compromised:
	- The CRL can  specify when and if one has to switch to the recovery key 
	- The "public recovery key" is published together with the hash of the
next recovery key

The approach helps also if also the recovery key is compromised.
The key holder has to generate a new couple of actual and recovey keys,
publish the actual public key (& hash of the new recovery key) and  the CRL
has to specify that one has to switch to the recovery key and, immediately
after,  recover again.

I hope this suggestion can improve the specification or at least highlight
a requirement.

Regards, Francesco Zambon

Francesco Zambon      mailto:zambon@enidata.it
EniData spa - Via Medici del Vascello 26
20138 Milano (Italy)
Tel: +39 2 520 25369    Fax: +39 2 520 25174