Split private Key

[Michael Sierchio]

Clayton Haapala wrote:

> Why not encrypt the Certificate key, prior to splitting it

Encrypt the public key?  Does not compute.

Encryption is also not the same as splitting -- splitting is one
way to ensure that more than N principals must act in concert to
sign something -- and that signature might be an authorization
to perform some action with security consequences.

Of course "PKI" is not adequate as a trust management system -- it's
concerned with authentication, but leaves authorization as an exercise
for the reader. ;-)  The right way to do this is have an authorization
mechanism that requires K-of-N parties to sign a request for action.

See:

http://www.cs.yale.edu/homes/jf/usenix-ecom98.pdf
http://www.tenebras.com/rfc/rfc/27/rfc2704.txt
http://www.crypto.com/trustmgt/kn.html

apache-ssl has a module that permits the use of KeyNote policies
in access control.