Off-line Root CA

Off-line Root CA

In a Public Key Infrastructure PKI the top of the trust path is the Certificate authority (CA), because is on the top is called the root CA. The CA is able to issue, distribute and revoke digital certificates X.509. The CA which is software running in a specialized server or hardware in general must be kept safe with the highest possible physical and logical security measures, therefore one of the options is not keeping the CA connected to the network and keep it physically separated, therefore several options exist:

1. Off-line Root CA. This means to disconnect the network cable from the server (where the CA is running), with two options:

a. To keep the server ON, and disconnected from the network.
b. To keep the server OFF disconnected from the network and placed into a vault.

NOTE. In some literature the term "Disconnected Root CA" is used, it is assumed here that it means the same as "Off line Root CA".

There are also some issues related to the CRL signing, since the off-line Root CA can not be "that" active revoking CRLs, therefore:
1. Keep an off-line Root CA and an on-line signing CRL
2. Keep everything off-line

See also

References


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Tarjan's off-line least common ancestors algorithm — In computer science, Tarjan s off line least common ancestors algorithm is an algorithm for computing lowest common ancestors for pairs of nodes in a tree, based on the union find data structure. The least common ancestor of two nodes d and e in… …   Wikipedia

  • ROOT — Infobox Software name = ROOT caption = Example ROOT plot showing regions of interest in a 2D distribution developer = CERN latest release version = 5.20/00 latest release date = June 25th, 2008 operating system = Cross platform genre = Data… …   Wikipedia

  • ROOT (CERN) — У этого термина существуют и другие значения, см. Root. ROOT …   Википедия

  • Root Sports Northwest — Launched 1987 (as Northwest Cable Sports) Network Fox Sports Net Owned by DirecTV Sports Networks Country …   Wikipedia

  • off|set — «verb. AWF SEHT, OF ; noun, adjective. AWF SEHT, OF », verb, set, set|ting, noun, adjective. –v.t. 1. to make up for; compensate for: »The better roads offset the greater distance. SYNONYM(S): counterbalance, neutralize. 2. to balance (one thin …   Useful english dictionary

  • root — 1. The primary or beginning portion of any part, as of a nerve at its origin from the brainstem or spinal cord. SYN: radix (1) [TA]. 2. SYN: r. of tooth. 3. The descending underground …   Medical dictionary

  • Midland Main Line — This article is about the railway line. For the former train operating company, see Midland Mainline. Midland Main Line East Midlands Trains HST at Dore. Overview …   Wikipedia

  • Dad's Root Beer — Products Dad s Root Beer Type Soft Drink Manufacturer …   Wikipedia

  • string line — String String (str[i^]ng), n. [OE. string, streng, AS. streng; akin to D. streng, G. strang, Icel. strengr, Sw. str[ a]ng, Dan. str[ae]ng; probably from the adj., E. strong (see {Strong}); or perhaps originally meaning, twisted, and akin to E.… …   The Collaborative International Dictionary of English

  • Scaling and root planing — Not to be confused with Dental antibiotic prophylaxis. Scaling and root planing Intervention Close up image of a hand scaler. ICD 9 CM …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”