Key Archival and Recovery

Any front desk clerk at a hotel will tell you that people cannot be totally trusted with keys. They get lost, washed, ironed, or simply left on the wrong side of a door with an automatic lock.

Providing a central repository for replacement keys is a tricky proposition. If this repository were to be compromised, the entire PKI would be useless. Worse than useless, actually, because it may still seem to be reliable as the bad guys plunder the encrypted files and email messages.

Still, the ability to maintain continued access to data in the face of user neglect or mistake makes a secure key repository a highly attractive feature. Standard PKI has defined such a creature. It is called a Registration Authority, or RA. For ...
