public
/
docs
5
0
Fork 0
Code Issues 17 Pull Requests 1 Packages Projects Releases Wiki Activity

When moving up in levels, root entropy should be re-generated #36

New Issue
Open
opened 2025-01-04 14:35:18 +00:00 by anton · 0 comments
anton commented 2025-01-04 14:35:18 +00:00
Owner
Copy Link

Because each level exposes cryptographic material to different threats, when moving up in security levels, it is recommended to re-generate keys as they may had been exposed under weaker controls provided by the previous security level. An example of this is if a system is implemented to support the Level 2 security model, the cryptographic material is not protected from side-channel attacks adequately which means a threat actor could exfiltrate the keys and wait for any duration of time before they decide to execute an attack.

This note should be added to the threat model / intro section for clarity.

Because each level exposes cryptographic material to different threats, when moving up in security levels, it is recommended to re-generate keys as they may had been exposed under weaker controls provided by the previous security level. An example of this is if a system is implemented to support the Level 2 security model, the cryptographic material is not protected from side-channel attacks adequately which means a threat actor could exfiltrate the keys and wait for any duration of time before they decide to execute an attack. This note should be added to the threat model / intro section for clarity.
anton added this to the Custody Framework project 2025-01-04 14:35:18 +00:00
anton added the
qvs
 label 2025-01-04 14:36:41 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
feat/tamper-proofing-chain-of-custody
coding-standards
feat/quorum-kms
Labels
Clear labels   
qvs

Quorum Vaulting System

No Label
qvs
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Custody Framework
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/docs#36
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?