alt Hacker NewsI have, I've set up "truly offline" root certificate authorities and the like in the past.
Yes, it's a pain to operate, but if the alternative is "the bad guys get all of our money", then it can be worth it.
I have, I've set up "truly offline" root certificate authorities and the like in the past.
Yes, it's a pain to operate, but if the alternative is "the bad guys get all of our money", then it can be worth it.
Sure, I never said anything against offline root cert authorities. But did you do it literally exactly how this guy was saying to do it with a laptop that you load via CD-ROM for a signing key that’s being used for active transactions?
It’s as if one of the things your root certificate authority signed got compromised. It doesn’t help that your root key is safe if attackers still managed to impersonate you before you revoked that cert.
> privileged private key to sign off on how much USR could be created. Unfortunately, the smart contract itself did not enforce any maximum limit on minting – it only checked that a valid signature existed.
The offline idea simply doesn’t work because this particular key has to be online