Overview

This method seeks to offer a simple and straightforward means of root key protection that is low cost, has low administrative overhead, and addresses all the settled criteria.

Principles

Procedures

The root key is transported to each backup offline root server on (re-)issue by two of the critical systems administrators, in accordance with the Security Policy.

Additionally, sub-roots and OCSP certificate keys could also be backed up in the same fashion.

Costs

Key Storage

The key is stored in the same manner as the primary offline root.

Risks

If the backup offline root server(s) is/are stored in a single location, a disaster event could cause the physical destruction of all copies of the root key. This risk should be mitigated as part of a wider disaster recovery plan (through the use of multiple physical locations).

Assessment against Requirements

Author Assessment

Community Member Assessment

Community Member Assessment by XXXXX


Roots/EscrowAndRecovery/RedundantServers (last edited 2011-02-20 17:18:24 by UlrichSchroeter)