Disaster Preparation and Recovery
As noted in the previous section, key compromise may involve an end-entity private key or an authority (for example, CA or RA) private key. Compromise (as well as destruction or any other event resulting in total loss of use) of an authority private key can be disastrous on quite a significant scale. This is because of the trust that a (potentially large) group of PKI entities places in that authority and because of the power it has to enable security in the environment.
In general, authority key compromise is a greater problem than loss of use of a key: Both events require the establishment of trust in a new key, but key compromise also destroys entity trust in existing signed statements from that authority ...
Get Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.