[cabfpub] Teleconference Agenda

Ryan Hurst ryan.hurst at globalsign.com
Wed Nov 6 16:23:57 UTC 2013

We are one of the CAs that offer this as an option. 

We generate the associated keys in a HSM.

For distributing the key material we use a split secret as the password for a PKCS12 where one part is randomly generated and the other is supplied by the customer.

We never store these values.

The PKCS12 is downloaded by the customer in their authenticated session over SSL.

Once downloaded we delete the PKCS12.

We offer this for the reasons that Erwann calls out.

Sometimes customers are not in a situation where they can control the software or hardware that is used on the machines where one would want them to generate keys in a perfect world.

I also agree that Dual_EC_DRBG is a totally separate issue from the NIST curves but I also would like to see us in a position to include other ECC curves.


Ryan Hurst
Chief Technology Officer
GMO Globalsign

twitter: @rmhrisk
email: ryan.hurst at globalsign.com
phone: 206-650-7926

Sent from my phone, please forgive the brevity.

> On Nov 6, 2013, at 7:09 AM, Erwann Abalea <erwann.abalea at keynectis.com> wrote:
> Le 06/11/2013 14:59, Håvard Molland a écrit :
>>> On 11/05/2013 10:16 PM, Ben Wilson wrote:
>>> Besides reviewing working group status, new web site, and draft bylaws, which I'll send out soon, what other hot topics should we add to Thursday's discussion?  Remember, it will be an hour earlier for most of you.
>> I would like that we discuss that some CAs generate the site certificate's private key for their customers.  It is my opinion that this breaks the trust model and, especially in the light of recent events, I believe this is a bad practice.
> In the light of older published results (weak Debian keys, lack of entropy on some devices as explained in the "Mining your P's and Q's" and subsequent papers), it can also be seen as a good practice. We at Keynectis don't do that, but I can accept the positive arguments for such practices.
>> We could also discuss elliptic curves and recent worries that certain curve constants might have been manipulated: http://slashdot.org/submission/2947823/are-the-nist-standard-elliptic-curves-back-doored
> Please distinguish the Dual_EC_DRBG and NIST curves concerns. Dual_EC_DRBG has certainly been weakened, while there's still some doubts regarding NIST curves. Maybe it's time to allow for other curves, Brainpool ones come to mind (RFC5639).
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131106/11e52a94/attachment-0003.html>

More information about the Public mailing list