知识与财富的链接
CA(certificate authority)是PKI中的关键设施.CA的私有密钥一旦泄露,该CA签发的所有证书就只能全部作废.保护在线服务CA的私钥也就成为一个非常重要的课题.不是从保护系统或检测入侵出发来保证CA的安全,而是确保当少数部件被攻击或占领后,CA系统的机密信息并没有暴露.通过将私钥分发给不同的部件,并保证任何一个在线的部件无法恢复CA的私钥,从而保护了CA私钥的保密性.
CA (certificate authority) is a critical component in PKI. When the private key of a CA is compromised, all the certificates issued by that CA should be revoked. Keeping the private key secret while providing service on line is very important for a CA. Rather than prevent intrusions or detect them after the fact, the project ensures that the compromise of a few system components does not compromise the private key of the CA. The private key is protected by distributing it across a few servers. The private key is never reconstructed at a single online location.
