Key server security considerations / Certification Authorities

Janusz A. Urbanowicz alex@FUCKUP.fantastyka.net
Mon Feb 19 02:00:02 2001



> > I visited signtrust.deutschepost.de for example, however they only sign keys
> > that they have created,
>
> So they also have your secret key. Very practical when the government wants
> to know things about you, like in Germany, what you were discussing with
> that member of a forbidden political party.

It depends on smartcard users. There are RSA smartcards that you can trigger to generate a key and give you the public part for certification (and you can send them the signed public key back for storage), but they won't surrender the private key to you.

Alex