The worst case scenario for a CA is the compromise of the root key. This page develops our strategy for what we will do when (rather than if) the private key behind the root-certificate is compromised.

How do we find out?

Plausibly, we find it on the Filesharing networks, ...

1. How can we detect a publication of the private key as soon as possible?

1. OCSP requests for certificates we haven't issued

What steps do we take?

What will we do when the key compromise is discovered?

Questions to consider

Roots/CompromiseStrategy (last edited 2010-03-05 00:25:02 by DanielBlack)