undefined | Better HN

0 pointslikeabatterycar1y ago0 comments

> You still can't exfiltrate the key material

And? What actual problem does this solve or realistic threat does this prevent? They are not decryption keys they are used to digitally sign certificates.

What the DigiNotar hack taught us years ago is if your CA is compromised you are already 0wned doesn't matter if the key is stored in an HSM or not.

All they can do with a stolen key is issue more certificates. Which they can do anyway if they have root access to the CA.

You can put 12 locks on your door but if they're all keyed to the same key you've stored under the plant on the porch, it doesn't really matter.

> The interesting thing about this article is that it adds a few 9's that are covered, and it's both easy and cheap.

Hard to say if those extra 9's need an external RNG for extra entropy.

0 comments

cwalv1y ago

> Which they can do anyway if they have root access to the CA.

Until you turn it off. If they exfiltrate the keys, it's more complicated.

This goes back to your comment:

> Creates a two-tier PKI... on the same device. This completely defeats the purpose so you can't revoke anything in case of key compromise

But the root key is just created; it doesn't stay on the device and can't be used to sign anything.

> What actual problem does this solve or realistic threat does this prevent?

The problem is exfiltrating the key without physical access. Whether or not that's "realistic" enough to matter isn't a question that can be answered generally.

> Hard to say if those extra 9's need an external RNG for extra entropy.

IMO it's not. In the author's words: Optional, but fire

j / k navigate · click thread line to collapse