
Decommissioning Certification Authorities

Author: Claudia N. Lukas | Published Jan. 3, 2011, from SANS

This paper outlines the process of terminating a certificate authority, which requires planning several physical, logical and human aspects. Security of information and reputation is at risk. The current and future needs of subscribers and other relying parties require consideration.

Certification Authorities (CAs) based on Public Key Infrastructure (PKI) are in regular use throughout the world. While increasing numbers of CAs are initiated each month, the time may have come to decommission a "pioneer" CA installed in the early years of commercial PKI, roughly 1995-1999. Business, financial or legal reasons, or simply technology shelf life, may lead to terminating a CA. Terminating a CA is as important an event as its initiation: both require planning physical, logical and human aspects. Security of information and reputation is at risk. The current and future needs of subscribers and other relying parties require consideration.

Read the complete paper at SANS (PDF)