German Health Insurance Card CA Loses Secret Key

Christiane writes "The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment. After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'"
  • The big question... (Score:1, Interesting)

    by Anonymous Coward on Tuesday July 14, 2009 @11:30AM (#28691635)

    Is the cost of re-establishing the chain of trust (i.e. a new root and replacing all of the cards) higher than the value of the data that this system was protecting?

  • Re:Could be worse (Score:4, Interesting)

    by Opportunist ( 166417 ) on Tuesday July 14, 2009 @11:34AM (#28691691)

    What's worst about it is that this is probably presumed to be worse. Had the key been stolen, they'd probably not even report it because business could continue as usual, maybe nobody finds out...

  • by starfishsystems ( 834319 ) on Tuesday July 14, 2009 @11:35AM (#28691709) Homepage

    There are two fundamental ways to fail as a CA. There must be exactly one party in effective possession of the private key of the root cert. If the number of parties becomes less than or more than one, fail.

    Mistakes happen, of course, and certificate infrastructures can be enormously complex. But if you're going to do any kind of risk mitigation, the absolutely most basic place to start would be with these two scenarios.

  • Re:Could be worse (Score:2, Interesting)

    by Anonymous Coward on Tuesday July 14, 2009 @12:19PM (#28692341)

    It could be worse, but this incident exposes a design flaw: The loss of a private key should not stop them from issuing new cards which are compatible with the existing cards.

    If a CA key is lost, then there should be a layer above it which can create a new CA key. Cards are checked against the top CA public key, so the old and the new cards can both be verified. Because the top CA is only used to create intermediate CAs, its private key can be kept safer than the key of a CA which is regularly used for signing certificates. Should it get lost anyway, at least the intermediate CA still exists and can continue signing new cards.

  • Re:Could be worse (Score:1, Interesting)

    by Anonymous Coward on Tuesday July 14, 2009 @12:20PM (#28692355)

    ...or maybe the key was stolen and, to cover their ass, they made up a convenient story that the key was lost to reissue new cards before the real shit hit the fan.

  • by WarlockD ( 623872 ) on Tuesday July 14, 2009 @03:46PM (#28695133)

    I don't know..

    "We did not decide against a back-up service ..."

    That double negative sounds awfully like "At the time, we didn't know what they were asking" :P I guess it's just from personal experience. Every time I hear a manager use double negatives to defend a decision, it's because they didn't really know what they were deciding in the first place. At least in IT.
