<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_07_14_150243</id>
	<title>German Health Insurance Card CA Loses Secret Key</title>
	<author>timothy</author>
	<datestamp>1247584800000</datestamp>
	<htmltext>Christiane writes <i>"The SSL Root CA responsible for issuing the German digital health insurance card <a href="http://www.h-online.com/security/Loss-of-data-has-serious-consequences-for-German-electronic-health-card--/news/113740">lost its secret private key during a test enrollment</a>. After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'"</i></htmltext>
<tokenext>Christiane writes " The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment .
After their Hardware Security Module ( HSM ) dutifully deleted its crypto keys during a power outage , it was all 'Oops , why is there no backup ?
' All issued cards must be replaced : 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys .
" We did not decide against a back-up service .
The fact of the matter is that the service provider took over the running of the test system , so it also has to warrant its continuous operation .
How it fulfills this obligation is its own responsibility .
" ' "</tokentext>
<sentencetext>Christiane writes "The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment.
After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?
' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys.
"We did not decide against a back-up service.
The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation.
How it fulfills this obligation is its own responsibility.
"'"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691943</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>maxume</author>
	<datestamp>1247590200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>At least a little, they apparently made the mistake of trusting the root CA.</p></htmltext>
<tokenext>At least a little , they apparently made the mistake of trusting the root CA .</tokentext>
<sentencetext>At least a little, they apparently made the mistake of trusting the root CA.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609</id>
	<title>Could be worse</title>
	<author>Anonymous</author>
	<datestamp>1247588880000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>I'd rather the key be <i>lost</i>, than stolen, hacked, made-public, etc. At least it didn't breach security in the typical manner.</htmltext>
<tokenext>I 'd rather the key be lost , than stolen , hacked , made-public , etc .
At least it did n't breach security in the typical manner .</tokentext>
<sentencetext>I'd rather the key be lost, than stolen, hacked, made-public, etc.
At least it didn't breach security in the typical manner.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700019</id>
	<title>Secret Sharing is the Answer</title>
	<author>Martin Hellman</author>
	<datestamp>1247591880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Making multiple backup copies protects against losing the secret (the root key in this case), but clearly increases the risk of theft.

Secret sharing is the way to back up and still be secure. In a "k out of n" secret sharing system, the secret is divided into n pieces, any k of which allow perfect reconstruction of the secret. What's amazing is that any k-1 tell absolutely nothing about the secret!

The easiest to understand is a k-1 out of k system. For example, taking k=5 and assuming the secret is 1000 bits long, the first four pieces of the secret are totally random bit strings, each 1000 bits long. The fifth piece is the XOR of the secret and these four strings. It's not hard to see that any four pieces tell nothing, but all five produce the secret when XORed together.

More complex k out of n systems are not too much harder to understand. For example, a 3 out of 5 system can be based on the coefficients (A,B,C) of a quadratic function y = Ax^2 + Bx + C. The coefficients can be determined by any three points (x,y) which lie on the graph. If C is the secret, and the 5 pieces of the secret are five points (x1,y1), (x2,y2), (x3,y3), (x4,y4) and (x5,y5) on the graph, then any 3 of them determine (A,B,C) and hence the secret C. But any 2 or less of them tell us absolutely nothing about C. Arithmetic is done in a finite field so that C is a bit string or similar.

Martin Hellman
<a href="http://www-ee.stanford.edu/~hellman/" title="stanford.edu" rel="nofollow">http://www-ee.stanford.edu/~hellman/</a> [stanford.edu]
<a href="http://nuclearrisk.org/" title="nuclearrisk.org" rel="nofollow">http://nuclearrisk.org/</a> [nuclearrisk.org]</htmltext>
<tokenext>Making multiple backup copies protects against losing the secret ( the root key in this case ) , but clearly increases the risk of theft .
Secret sharing is the way to back up and still be secure .
In a " k out of n " secret sharing system , the secret is divided into n pieces , any k of which allow perfect reconstruction of the secret .
What 's amazing is that any k-1 tell absolutely nothing about the secret !
The easiest to understand is a k-1 out of k system .
For example , taking k = 5 and assuming the secret is 1000 bits long , the first four pieces of the secret are totally random bit strings , each 1000 bits long .
The fifth piece is the XOR of the secret and these four strings .
It 's not hard to see that any four pieces tell nothing , but all five produce the secret when XORed together .
More complex k out of n systems are not too much harder to understand .
For example , a 3 out of 5 system can be based on the coefficients ( A,B,C ) of a quadratic function y = Ax ^ 2 + Bx + C. The coefficients can be determined by any three points ( x,y ) which lie on the graph .
If C is the secret , and the 5 pieces of the secret are five points ( x1,y1 ) , ( x2,y2 ) , ( x3,y3 ) , ( x4,y4 ) and ( x5,y5 ) on the graph , then any 3 of them determine ( A,B,C ) and hence the secret C. But any 2 or less of them tell us absolutely nothing about C. Arithmetic is done in a finite field so that C is a bit string or similar .
Martin Hellman http : //www-ee.stanford.edu/ ~ hellman/ [ stanford.edu ] http : //nuclearrisk.org/ [ nuclearrisk.org ]</tokentext>
<sentencetext>Making multiple backup copies protects against losing the secret (the root key in this case), but clearly increases the risk of theft.
Secret sharing is the way to back up and still be secure.
In a "k out of n" secret sharing system, the secret is divided into n pieces, any k of which allow perfect reconstruction of the secret.
What's amazing is that any k-1 tell absolutely nothing about the secret!
The easiest to understand is a k-1 out of k system.
For example, taking k=5 and assuming the secret is 1000 bits long, the first four pieces of the secret are totally random bit strings, each 1000 bits long.
The fifth piece is the XOR of the secret and these four strings.
It's not hard to see that any four pieces tell nothing, but all five produce the secret when XORed together.
More complex k out of n systems are not too much harder to understand.
For example, a 3 out of 5 system can be based on the coefficients (A,B,C) of a quadratic function y = Ax^2 + Bx + C. The coefficients can be determined by any three points (x,y) which lie on the graph.
If C is the secret, and the 5 pieces of the secret are five points (x1,y1), (x2,y2), (x3,y3), (x4,y4) and (x5,y5) on the graph, then any 3 of them determine (A,B,C) and hence the secret C. But any 2 or less of them tell us absolutely nothing about C. Arithmetic is done in a finite field so that C is a bit string or similar.
Martin Hellman
http://www-ee.stanford.edu/~hellman/ [stanford.edu]
http://nuclearrisk.org/ [nuclearrisk.org]</sentencetext>
</comment>
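The two schemes described in the comment above (the five-piece XOR split and the 3-out-of-5 quadratic scheme, generalized here to any k out of n), as an added Python example that is not part of the original post. The field modulus 2**521 - 1, the function names and the sample secret are assumptions chosen for illustration.

```python
import secrets
from functools import reduce

# Field modulus (assumption for this example): the Mersenne prime 2**521 - 1,
# large enough to hold secrets of up to 520 bits.
PRIME = 2**521 - 1


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_split(secret: bytes, n: int) -> list:
    """Split into n pieces, all of which are needed: n-1 random strings plus
    the XOR of the secret with every one of them."""
    if n < 2:
        raise ValueError("need at least two pieces")
    pieces = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    pieces.append(reduce(_xor, pieces, secret))
    return pieces


def xor_combine(pieces) -> bytes:
    """XOR all pieces together; only the full set yields the secret."""
    return reduce(_xor, pieces)


def interpolate(points, x0: int, prime: int = PRIME) -> int:
    """Evaluate at x0 the unique polynomial of degree < len(points) through
    the given (x, y) points, using Lagrange interpolation mod prime."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("points must have distinct x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % prime
                den = den * (xi - xj) % prime
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total


def shamir_split(secret: int, k: int, n: int, prime: int = PRIME) -> list:
    """Return n points on a random degree-(k-1) polynomial whose constant
    term is the secret (the coefficient C in the comment's quadratic)."""
    if not 0 <= secret < prime:
        raise ValueError("secret does not fit in the field")
    if not 2 <= k <= n < prime:
        raise ValueError("need 2 <= k <= n < prime")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):       # x = 0 would hand out the secret itself
        y = 0
        for c in reversed(coeffs):  # Horner's rule, highest degree first
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares


def shamir_combine(shares, prime: int = PRIME) -> int:
    """Recover the constant term from k shares by interpolating at x = 0."""
    return interpolate(list(shares), 0, prime)


if __name__ == "__main__":
    # Constructed sample secret, not a real key.
    root_key = int.from_bytes(b"constructed sample root key", "big")
    shares = shamir_split(root_key, k=3, n=5)
    print(shamir_combine(shares[:3]) == root_key)
    print(shamir_combine(shares[2:]) == root_key)
    # Two shares fit ANY candidate secret: a matching third share always
    # exists, so two shares alone cannot rule out any value of the secret.
    forged = (5, interpolate([(0, 42)] + shares[:2], 5))
    print(shamir_combine(shares[:2] + [forged]))
```

Combining fewer than k shares does not raise an error; it silently returns an unrelated field element, so a reconstructed key has to be checked against something known, such as the public key of the root certificate.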
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692743</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>Anonymous</author>
	<datestamp>1247593680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>For a second I was wondering how Germans could be that stupid. That is unlike the Germany I know.</p> </div><p>Don't confuse regular German companies and engineering with German public projects like these. The latter is usually a competition in who has got the best government connections and who can deliver the cheapest crap. The combination of corruption and the fact that you can sell any piece of crap to incompetent officials often has hilarious results like these. You could call it the most expensive entertainment tax payer money can buy.</p></div>
	</htmltext>
<tokenext>For a second I was wondering how Germans could be that stupid .
That is unlike the Germany I know .
Do n't confuse regular German companies and engineering with German public projects like these .
The latter is usually a competition in who has got the best government connections and who can deliver the cheapest crap .
The combination of corruption and the fact that you can sell any piece of crap to incompetent officials often has hilarious results like these .
You could call it the most expensive entertainment tax payer money can buy .</tokentext>
<sentencetext>For a second I was wondering how Germans could be that stupid.
That is unlike the Germany I know.
Don't confuse regular German companies and engineering with German public projects like these.
The latter is usually a competition in who has got the best government connections and who can deliver the cheapest crap.
The combination of corruption and the fact that you can sell any piece of crap to incompetent officials often has hilarious results like these.
You could call it the most expensive entertainment tax payer money can buy.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692043</id>
	<title>Reading comprehension - you fail it!</title>
	<author>Anonymous</author>
	<datestamp>1247590680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Once again, misleading title to a different summary.</p></div><p>How's that again?</p><p><div class="quote"><p>For fuck's sake, the Germans didn't lose the key.<br>The SSL Root CA lost that.</p></div><p>Hmm.. I wonder if that's why the title reads "German Health Insurance Card <b>CA</b> Loses Secret Key"?</p><p>What are you ranting about?  The title says exactly what you say it should say, and then rant about how it's wrong...</p><p>Reading comprehension - you fail it!</p><p>Although I must laugh about how your post demonstrates <i>exactly</i> what you are claiming is wrong with the article's summary and title.</p></div>
	</htmltext>
<tokenext>Once again , misleading title to a different summary . How 's that again ? For fuck 's sake , the Germans did n't lose the key . The SSL Root CA lost that . Hmm.. I wonder if that 's why the title reads " German Health Insurance Card CA Loses Secret Key " ? What are you ranting about ?
The title says exactly what you say it should say , and then rant about how it 's wrong... Reading comprehension - you fail it ! Although I must laugh about how your post demonstrates exactly what you are claiming is wrong with the article 's summary and title .</tokentext>
<sentencetext>Once again, misleading title to a different summary. How's that again? For fuck's sake, the Germans didn't lose the key. The SSL Root CA lost that. Hmm.. I wonder if that's why the title reads "German Health Insurance Card CA Loses Secret Key"? What are you ranting about?
The title says exactly what you say it should say, and then rant about how it's wrong... Reading comprehension - you fail it! Although I must laugh about how your post demonstrates exactly what you are claiming is wrong with the article's summary and title.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692183</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>Anonymous</author>
	<datestamp>1247591280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Hmm. The CA was D-Trust. Care to guess what country D-Trust operates out of?</p></htmltext>
<tokenext>Hmm .
The CA was D-Trust .
Care to guess what country D-Trust operates out of ?</tokentext>
<sentencetext>Hmm.
The CA was D-Trust.
Care to guess what country D-Trust operates out of?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691591</id>
	<title>NSA/CIA</title>
	<author>Anonymous</author>
	<datestamp>1247588760000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p>Maybe they should check with the NSA or CIA?  They've got a backdoor into EVERY system, and may still have the key saved on a laptop lying around somewhere.</p></htmltext>
<tokenext>Maybe they should check with the NSA or CIA ?
They 've got a backdoor into EVERY system , and may still have the key saved on a laptop lying around somewhere .</tokentext>
<sentencetext>Maybe they should check with the NSA or CIA?
They've got a backdoor into EVERY system, and may still have the key saved on a laptop lying around somewhere.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28696271</id>
	<title>Re:Best practices</title>
	<author>ioshhdflwuegfh</author>
	<datestamp>1247565720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p><div class="quote"><p>Best practices about CA management says you should have your secret key in a (physical) safe. Better yet, divide it in two pieces and put it along the passphrase in three different safes (part1+pass,part2+pass,part1+part2), so you can't lose key access even if you lose one safe, and nobody can take the key by opening a single safe.</p></div><p>And where do you keep the keys for those safes? Or their access code?
<br>
Just curious<nobr> <wbr></nobr>:-)</p></div><p>Why, in another safe... it is safes all the way down...</p></div>
	</htmltext>
<tokenext>Best practices about CA management says you should have your secret key in a ( physical ) safe .
Better yet , divide it in two pieces and put it along the passphrase in three different safes ( part1 + pass,part2 + pass,part1 + part2 ) , so you ca n't lose key access even if you lose one safe , and nobody can take the key by opening a single safe . And where do you keep the keys for those safes ?
Or their access code ?
Just curious : - ) Why , in another safe... it is safes all the way down.. .</tokentext>
<sentencetext>Best practices about CA management says you should have your secret key in a (physical) safe.
Better yet, divide it in two pieces and put it along the passphrase in three different safes (part1+pass,part2+pass,part1+part2), so you can't lose key access even if you lose one safe, and nobody can take the key by opening a single safe. And where do you keep the keys for those safes?
Or their access code?
Just curious :-) Why, in another safe... it is safes all the way down...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695319</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691819</id>
	<title>Re:Oh c'mon, be fair!</title>
	<author>MindKata</author>
	<datestamp>1247589660000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><i>"too many copies"<nobr> <wbr></nobr>... "having too few"</i> <br>
<br>
This kind of organisation usually has a backup somewhere, they just have to find it. It's usually backed up on a post-it note somewhere. Maybe they should ask all of us to look for it, on the sides of our monitors.</htmltext>
<tokenext>" too many copies " ... " having too few " This kind of organisation usually has a backup somewhere , they just have to find it .
It 's usually backed up on a post-it note somewhere .
Maybe they should ask all of us to look for it , on the sides of our monitors .</tokentext>
<sentencetext>"too many copies" ... "having too few" 

This kind of organisation usually has a backup somewhere, they just have to find it.
It's usually backed up on a post-it note somewhere.
Maybe they should ask all of us to look for it, on the sides of our monitors.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691533</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692573</id>
	<title>Re:Could be worse</title>
	<author>Anonymous</author>
	<datestamp>1247592900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Once had a software vendor provide both their public and private SSL keys to 25 people at my company so we could connect to a SOAP interface they'd created for us.  This wasn't just a soap.company.com cert, but the www.company.com.</p><p>Stupid is as stupid does.</p></htmltext>
<tokenext>Once had a software vendor provide both their public and private SSL keys to 25 people at my company so we could connect to a SOAP interface they 'd created for us .
This was n't just a soap.company.com cert , but the www.company.com . Stupid is as stupid does .</tokentext>
<sentencetext>Once had a software vendor provide both their public and private SSL keys to 25 people at my company so we could connect to a SOAP interface they'd created for us.
This wasn't just a soap.company.com cert, but the www.company.com. Stupid is as stupid does.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691533</id>
	<title>Oh c'mon, be fair!</title>
	<author>Anonymous</author>
	<datestamp>1247588580000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p>Not even a month ago you chided them because there were too many copies (some of them even offsite, they just didn't know who had them now), now you chew them out for having too few. Make up your effing mind!</p></htmltext>
<tokenext>Not even a month ago you chided them because there were too many copies ( some of them even offsite , they just did n't know who had them now ) , now you chew them out for having too few .
Make up your effing mind !</tokentext>
<sentencetext>Not even a month ago you chided them because there were too many copies (some of them even offsite, they just didn't know who had them now), now you chew them out for having too few.
Make up your effing mind!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691669</id>
	<title>This would never happen in Britain</title>
	<author>Curmudgeonlyoldbloke</author>
	<datestamp>1247589120000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>It would easily be found by searching the nearest pub car park for USB keys, or checking the train that the relevant civil servant travelled home on.</p></htmltext>
<tokenext>It would easily be found by searching the nearest pub car park for USB keys , or checking the train that the relevant civil servant travelled home on .</tokentext>
<sentencetext>It would easily be found by searching the nearest pub car park for USB keys, or checking the train that the relevant civil servant travelled home on.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692691</id>
	<title>Re:You can fall off the road on either side</title>
	<author>radtea</author>
	<datestamp>1247593440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>certificate infrastructures can be enormously complex.</i></p><p>This is the problem:  simplicity is the key to security.  A complex system is just one with more places to hide exploits.</p></htmltext>
<tokenext>certificate infrastructures can be enormously complex . This is the problem : simplicity is the key to security .
A complex system is just one with more places to hide exploits .</tokentext>
<sentencetext>certificate infrastructures can be enormously complex. This is the problem:  simplicity is the key to security.
A complex system is just one with more places to hide exploits.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695315</id>
	<title>Re:You can fall off the road on either side</title>
	<author>evilbessie</author>
	<datestamp>1247605140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I wouldn't have thought keeping the root online at all times was particularly sensible. At least I seem to remember that this was some of the point of the hierarchical certificate system. You generate the root cert, then some tier 1 certs and turn off the root, put it in a cupboard* use the tier 1 certs to generate more, this way you don't compromise the absolute top of the hierarchy. Which should make the fail moments slightly easier to manage.</p><p>*preferably one with a good lock and lined with steel.</p></htmltext>
<tokenext>I would n't have thought keeping the root online at all times was particularly sensible .
At least I seem to remember that this was some of the point of the hierarchical certificate system .
You generate the root cert , then some tier 1 certs and turn off the root , put it in a cupboard * use the tier 1 certs to generate more , this way you do n't compromise the absolute top of the hierarchy .
Which should make the fail moments slightly easier to manage .
* preferably one with a good lock and lined with steel .</tokentext>
<sentencetext>I wouldn't have thought keeping the root online at all times was particularly sensible.
At least I seem to remember that this was some of the point of the hierarchical certificate system.
You generate the root cert, then some tier 1 certs and turn off the root, put it in a cupboard* use the tier 1 certs to generate more, this way you don't compromise the absolute top of the hierarchy.
Which should make the fail moments slightly easier to manage.
*preferably one with a good lock and lined with steel.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693861</id>
	<title>Re:You can fall off the road on either side</title>
	<author>Pinckney</author>
	<datestamp>1247598060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>How about backups on heavy steel punch-cards sealed and stored in some sort of vault? No serious risk of erasure, and much more difficult to walk off with than any sort of digital backups.</htmltext>
<tokenext>How about backups on heavy steel punch-cards sealed and stored in some sort of vault ?
No serious risk of erasure , and much more difficult to walk off with than any sort of digital backups .</tokentext>
<sentencetext>How about backups on heavy steel punch-cards sealed and stored in some sort of vault?
No serious risk of erasure, and much more difficult to walk off with than any sort of digital backups.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691635</id>
	<title>The big question...</title>
	<author>Anonymous</author>
	<datestamp>1247589000000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Is the cost of re-establishing the chain of trust (ie a new root and replacing all of the cards) higher than the value of the data that this system was protecting?</p></htmltext>
<tokenext>Is the cost of re-establishing the chain of trust ( ie a new root and replacing all of the cards ) higher than the value of the data that this system was protecting ?</tokentext>
<sentencetext>Is the cost of re-establishing the chain of trust (ie a new root and replacing all of the cards) higher than the value of the data that this system was protecting?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695319</id>
	<title>Re:Best practices</title>
	<author>Anonymous</author>
	<datestamp>1247605140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And where do you keep the keys for those safes?  Or their access code?</p><p>Just curious<nobr> <wbr></nobr>:-)</p></htmltext>
<tokenext>And where do you keep the keys for those safes ?
Or their access code ? Just curious : - )</tokentext>
<sentencetext>And where do you keep the keys for those safes?
Or their access code? Just curious :-)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692651</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694535</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>oldhack</author>
	<datestamp>1247601120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Some Germans are rather sensitive, aren't they?  They'd better not talk to VW owners in the US.</htmltext>
<tokenext>Some Germans are rather sensitive , are n't they ?
They 'd better not talk to VW owners in the US .</tokentext>
<sentencetext>Some Germans are rather sensitive, aren't they?
They'd better not talk to VW owners in the US.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709</id>
	<title>You can fall off the road on either side</title>
	<author>Anonymous</author>
	<datestamp>1247589300000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>There are two <i>fundamental</i> ways to fail as a CA.  There must be exactly one party in effective possession of the private key of the root cert.  If the number of parties becomes less than or more than one, fail.
<br> <br>
Mistakes happen, of course, and certificate infrastructures can be enormously complex.  But if you're going to do any kind of risk mitigation, the absolutely most basic place to start would be with these two scenarios.</htmltext>
<tokenext>There are two fundamental ways to fail as a CA .
There must be exactly one party in effective possession of the private key of the root cert .
If the number of parties becomes less than or more than one , fail .
Mistakes happen , of course , and certificate infrastructures can be enormously complex .
But if you 're going to do any kind of risk mitigation , the absolutely most basic place to start would be with these two scenarios .</tokentext>
<sentencetext>There are two fundamental ways to fail as a CA.
There must be exactly one party in effective possession of the private key of the root cert.
If the number of parties becomes less than or more than one, fail.
Mistakes happen, of course, and certificate infrastructures can be enormously complex.
But if you're going to do any kind of risk mitigation, the absolutely most basic place to start would be with these two scenarios.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692007</id>
	<title>Place blame</title>
	<author>ubrgeek</author>
	<datestamp>1247590560000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>Poeschkens claimed, "I know nothing! noth-thing!" and proceeded to blame the problem on a man he would only identify as "Hogan."</htmltext>
<tokenext>Poeschkens claimed , " I know nothing !
noth-thing ! " and proceeded to blame the problem on a man he would only identify as " Hogan .
"</tokentext>
<sentencetext>Poeschkens claimed, "I know nothing!
noth-thing!" and proceeded to blame the problem on a man he would only identify as "Hogan.
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693943</id>
	<title>Spoonerism</title>
	<author>Curate</author>
	<datestamp>1247598420000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><i>Gematik spokesman Daniel Poeschkens poured scorn</i> <p>

I literally read that as <i>scoured porn</i>...</p></htmltext>
<tokenext>Gematik spokesman Daniel Poeschkens poured scorn I literally read that as scoured porn.. .</tokentext>
<sentencetext>Gematik spokesman Daniel Poeschkens poured scorn 

I literally read that as scoured porn...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28696759</id>
	<title>Potatoes?</title>
	<author>Bysshe</author>
	<datestamp>1247568060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>1000th potato of the month? That's at least 33 potatoes a day! That'd be a world record I suspect and well deserving of a certificate!</htmltext>
<tokenext>1000th potato of the month ?
That 's at least 33 potatoes a day !
That 'd be a world record I suspect and well deserving of a certificate !</tokentext>
<sentencetext>1000th potato of the month?
That's at least 33 potatoes a day!
That'd be a world record I suspect and well deserving of a certificate!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693087</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>Bigjeff5</author>
	<datestamp>1247594940000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>The title/summary are not necessarily incorrect, just ambiguous.  English can do that, and if you aren't paying attention your meaning can be taken in a way other than you intended.</p><p>In this case, there are a few ways to read "German Health Insurance Card CA":</p><p>1.) The Health Insurance Card CA of German origin<br>2.) The CA for the German Health Insurance Card<br>3.) The Card CA for German Health Insurance<br>4.) The Insurance Card CA for German Health</p><p>Obviously they aren't saying 3 or 4, those work grammatically but don't make a lot of sense in the context of health insurance and certificate authorities.  1 and 2 though, work pretty well either way.  They should have used the unambiguous form, obviously with a small amount of research we can see that 2 is the correct meaning, but a number of people will read the sentence to mean 1 instead, as you did.</p><p>It's poor writing, not an attack or attempt to slight Germans.  Remember the old saying: Never ascribe to malice what can be explained by incompetence.</p><p>Lastly, while it was the CA's responsibility to ensure they have backups and the like, it is the client company's responsibility to ensure they can maintain their business.  If the health insurance company never asked for or verified a disaster recovery plan, it's their ass that is in hot water if they cannot provide service.</p><p>Make no mistake, they WILL lose business over this, even if the failure isn't directly their fault.</p></htmltext>
<tokenext>The title/summary are not necessarily incorrect , just ambiguous .
English can do that , and if you are n't paying attention your meaning can be taken in a way other than you intended .
In this case , there are a few ways to read " German Health Insurance Card CA " :
1 . ) The Health Insurance Card CA of German origin
2 . ) The CA for the German Health Insurance Card
3 . ) The Card CA for German Health Insurance
4 . ) The Insurance Card CA for German Health
Obviously they are n't saying 3 or 4 , those work grammatically but do n't make a lot of sense in the context of health insurance and certificate authorities .
1 and 2 though , work pretty well either way .
They should have used the unambiguous form , obviously with a small amount of research we can see that 2 is the correct meaning , but a number of people will read the sentence to mean 1 instead , as you did .
It 's poor writing , not an attack or attempt to slight Germans .
Remember the old saying : Never ascribe to malice what can be explained by incompetence .
Lastly , while it was the CA 's responsibility to ensure they have backups and the like , it is the client company 's responsibility to ensure they can maintain their business .
If the health insurance company never asked for or verified a disaster recovery plan , it 's their ass that is in hot water if they can not provide service .
Make no mistake , they WILL lose business over this , even if the failure is n't directly their fault .</tokentext>
<sentencetext>The title/summary are not necessarily incorrect, just ambiguous.
English can do that, and if you aren't paying attention your meaning can be taken in a way other than you intended.
In this case, there are a few ways to read "German Health Insurance Card CA":
1.) The Health Insurance Card CA of German origin
2.) The CA for the German Health Insurance Card
3.) The Card CA for German Health Insurance
4.) The Insurance Card CA for German Health
Obviously they aren't saying 3 or 4, those work grammatically but don't make a lot of sense in the context of health insurance and certificate authorities.
1 and 2 though, work pretty well either way.
They should have used the unambiguous form, obviously with a small amount of research we can see that 2 is the correct meaning, but a number of people will read the sentence to mean 1 instead, as you did.
It's poor writing, not an attack or attempt to slight Germans.
Remember the old saying: Never ascribe to malice what can be explained by incompetence.
Lastly, while it was the CA's responsibility to ensure they have backups and the like, it is the client company's responsibility to ensure they can maintain their business.
If the health insurance company never asked for or verified a disaster recovery plan, it's their ass that is in hot water if they cannot provide service.
Make no mistake, they WILL lose business over this, even if the failure isn't directly their fault.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691627</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>Sockatume</author>
	<datestamp>1247588940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>The summary even states that Gematik insisted on a back-up less operation, and then provides a quote <i>explicitly stating that they did no such thing</i>! Slashdot: doing for editorial accuracy what Fox does for editorial neutrality.</p>
	</htmltext>
<tokenext>The summary even states that Gematik insisted on a back-up less operation , and then provides a quote explicitly stating that they did no such thing !
Slashdot : doing for editorial accuracy what Fox does for editorial neutrality .</tokentext>
<sentencetext>The summary even states that Gematik insisted on a back-up less operation, and then provides a quote explicitly stating that they did no such thing!
Slashdot: doing for editorial accuracy what Fox does for editorial neutrality.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694711</id>
	<title>Re:Oh c'mon, be fair!</title>
	<author>v1</author>
	<datestamp>1247602020000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><i> It's usually backed up on a post-it note somewhere.</i></p><p>For a root CA private key, better be a big post-it note</p><p>(or written in really small letters)</p></htmltext>
<tokenext>It 's usually backed up on a post-it note somewhere .
For a root CA private key , better be a big post-it note ( or written in really small letters )</tokentext>
<sentencetext> It's usually backed up on a post-it note somewhere.
For a root CA private key, better be a big post-it note (or written in really small letters)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691819</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692935</id>
	<title>Re:You can fall off the road on either side</title>
	<author>hey!</author>
	<datestamp>1247594400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So, it's kind of like the optimist/pessimist thing, right?</p><p>As an optimist, I'd say that at least they didn't fail in the worst possible way.</p><p>The pessimist in me thinks I should get a bit more than "not failing in the worst possible way" when I pay somebody a barrel of cash to hash a couple numbers for me.</p></htmltext>
<tokenext>So , it 's kind of like the optimist/pessimist thing , right ?
As an optimist , I 'd say that at least they did n't fail in the worst possible way .
The pessimist in me thinks I should get a bit more than " not failing in the worst possible way " when I pay somebody a barrel of cash to hash a couple numbers for me .</tokentext>
<sentencetext>So, it's kind of like the optimist/pessimist thing, right?
As an optimist, I'd say that at least they didn't fail in the worst possible way.
The pessimist in me thinks I should get a bit more than "not failing in the worst possible way" when I pay somebody a barrel of cash to hash a couple numbers for me.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692947</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>garry_g</author>
	<datestamp>1247594400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>For a second I was wondering how Germans could be that stupid. That is unlike the Germany I know</i></p><p>You don't seem to know much about politically motivated, government-initiated IT projects in Germany, do you? Overfunded, and staffed with f@cking idiots unable to do their work, much less keep the project organized with PM ...</p></htmltext>
<tokenext>For a second I was wondering how Germans could be that stupid .
That is unlike the Germany I know
You do n't seem to know much about politically motivated , government-initiated IT projects in Germany , do you ?
Overfunded , and staffed with f @ cking idiots unable to do their work , much less keep the project organized with PM .. .</tokentext>
<sentencetext>For a second I was wondering how Germans could be that stupid.
That is unlike the Germany I know
You don't seem to know much about politically motivated, government-initiated IT projects in Germany, do you?
Overfunded, and staffed with f@cking idiots unable to do their work, much less keep the project organized with PM ...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693355</id>
	<title>My advice in the past</title>
	<author>meerling</author>
	<datestamp>1247595960000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>In talking with people (or company representatives) about their security regarding passwords and keys, I always told them two things.<br>
<br>
First, all security experts will tell you that you should not keep copies of that stuff around.<br>
<br>
Second, that's not a realistic expectation, stuff happens. The IT guy goes on vacation, has an accident, or dies. (Seen all 3 numerous times.) You fire the Admin for some reason. This building burns down. Etc.<br>
<br>
A reasonable thing to do, is keep a password/key log with that critical information that is kept up to date at all times. You have two copies of it. Both are kept secure in good quality safes (not a $200 lockbox).<br>
Both safes are in different physical locations, at least separate buildings, preferably miles apart.<br>
The reason for this is pretty easy. Once again, things happen. I've seen buildings burnt down, flooded, inaccessible due to chemical hazards from a truck wreck, etc. You don't know what will happen, but if you have them stored at separate physical locations, you at least know you will be able to get to one of them if you need to, assuming nobody uses a nuke.<br>
<br>
It all falls under that old techie saying, "So, when did your data become important to you? Before or after you lost it...".</htmltext>
<tokenext>In talking with people ( or company representatives ) about their security regarding passwords and keys , I always told them two things .
First , all security experts will tell you that you should not keep copies of that stuff around .
Second , that 's not a realistic expectation , stuff happens .
The IT guy goes on vacation , has an accident , or dies .
( Seen all 3 numerous times . )
You fire the Admin for some reason .
This building burns down .
Etc . A reasonable thing to do , is keep a password/key log with that critical information that is kept up to date at all times .
You have two copies of it .
Both are kept secure in good quality safes ( not a $ 200 lockbox ) .
Both safes are in different physical locations , at least separate buildings , preferably miles apart .
The reason for this is pretty easy .
Once again , things happen .
I 've seen buildings burnt down , flooded , inaccessible due to chemical hazards from a truck wreck , etc .
You do n't know what will happen , but if you have them stored at separate physical locations , you at least know you will be able to get to one of them if you need to , assuming nobody uses a nuke .
It all falls under that old techie saying , " So , when did your data become important to you ?
Before or after you lost it... " .</tokentext>
<sentencetext>In talking with people (or company representatives) about their security regarding passwords and keys, I always told them two things.
First, all security experts will tell you that you should not keep copies of that stuff around.
Second, that's not a realistic expectation, stuff happens.
The IT guy goes on vacation, has an accident, or dies.
(Seen all 3 numerous times.)
You fire the Admin for some reason.
This building burns down.
Etc.

A reasonable thing to do, is keep a password/key log with that critical information that is kept up to date at all times.
You have two copies of it.
Both are kept secure in good quality safes (not a $200 lockbox).
Both safes are in different physical locations, at least separate buildings, preferably miles apart.
The reason for this is pretty easy.
Once again, things happen.
I've seen buildings burnt down, flooded, inaccessible due to chemical hazards from a truck wreck, etc.
You don't know what will happen, but if you have them stored at separate physical locations, you at least know you will be able to get to one of them if you need to, assuming nobody uses a nuke.
It all falls under that old techie saying, "So, when did your data become important to you?
Before or after you lost it...".</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691693</id>
	<title>Public Key Infrastructure</title>
	<author>Reason58</author>
	<datestamp>1247589240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The entire concept of PKI revolves around the inheritance of trust from the root CA. It seems pretty clear these guys can not be trusted. I would be worried about the people who have to use them.</htmltext>
<tokenext>The entire concept of PKI revolves around the inheritance of trust from the root CA .
It seems pretty clear these guys can not be trusted .
I would be worried about the people who have to use them .</tokentext>
<sentencetext>The entire concept of PKI revolves around the inheritance of trust from the root CA.
It seems pretty clear these guys can not be trusted.
I would be worried about the people who have to use them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691543</id>
	<title>An HSM That Requires Continuous Power?</title>
	<author>Philip K Dickhead</author>
	<datestamp>1247588580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Even when accessing key material?  C'mon!  The Confidentiality, INTEGRITY, ASSURANCE triangle seems to be missing a couple of legs, in this instance.</p><p>That's really amateur.  Sounds like someone swapped the Smart Cards with <i>Dumb</i> Cards...</p></htmltext>
<tokenext>Even when accessing key material ?
C'mon ! The Confidentiality , INTEGRITY , ASSURANCE triangle seems to be missing a couple of legs , in this instance .
That 's really amateur .
Sounds like someone swapped the Smart Cards with Dumb Cards.. .</tokentext>
<sentencetext>Even when accessing key material?
C'mon!  The Confidentiality, INTEGRITY, ASSURANCE triangle seems to be missing a couple of legs, in this instance.
That's really amateur.
Sounds like someone swapped the Smart Cards with Dumb Cards...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695037</id>
	<title>Re:What is "CA"?</title>
	<author>Anonymous</author>
	<datestamp>1247603940000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>For those of you who are wondering what CA is, it stands for Certificate Authority. You see, the Germans have a hard time functioning without a constant stream of praise, so they have this authority in place that prints and sends certificates to people. Every day thousands of Germans get congratulated for crossing the street, for finding their car keys or for eating their 1000th potato of the month. You know you've walked into a German household when you see the wallpaper of framed certificates.</i></p><p>Their national ringtone is "ACHIEVEMENT UNLOCKED".</p><p>True story.</p></htmltext>
<tokenext>For those of you who are wondering what CA is , it stands for Certificate Authority .
You see , the Germans have a hard time functioning without a constant stream of praise , so they have this authority in place that prints and sends certificates to people .
Every day thousands of Germans get congratulated for crossing the street , for finding their car keys or for eating their 1000th potato of the month .
You know you 've walked into a German household when you see the wallpaper of framed certificates .
Their national ringtone is " ACHIEVEMENT UNLOCKED " .
True story .</tokentext>
<sentencetext>For those of you who are wondering what CA is, it stands for Certificate Authority.
You see, the Germans have a hard time functioning without a constant stream of praise, so they have this authority in place that prints and sends certificates to people.
Every day thousands of Germans get congratulated for crossing the street, for finding their car keys or for eating their 1000th potato of the month.
You know you've walked into a German household when you see the wallpaper of framed certificates.
Their national ringtone is "ACHIEVEMENT UNLOCKED".
True story.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692341</id>
	<title>Re:Could be worse</title>
	<author>Anonymous</author>
	<datestamp>1247591940000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>It could be worse, but this incident exposes a design flaw: The loss of a private key should not stop them from issuing new cards which are compatible with the existing cards.</p><p>If a CA key is lost, then there should be a layer above it which can create a new CA key. Cards are checked against the top CA public key, so the old and the new cards can both be verified. Because the top CA is only used to create intermediate CAs, its private key can be kept safer than the key of a CA which is regularly used for signing certificates. Should it get lost anyway, at least the intermediate CA still exists and can continue signing new cards.</p></htmltext>
<tokenext>It could be worse , but this incident exposes a design flaw : The loss of a private key should not stop them from issuing new cards which are compatible with the existing cards .
If a CA key is lost , then there should be a layer above it which can create a new CA key .
Cards are checked against the top CA public key , so the old and the new cards can both be verified .
Because the top CA is only used to create intermediate CAs , its private key can be kept safer than the key of a CA which is regularly used for signing certificates .
Should it get lost anyway , at least the intermediate CA still exists and can continue signing new cards .</tokentext>
<sentencetext>It could be worse, but this incident exposes a design flaw: The loss of a private key should not stop them from issuing new cards which are compatible with the existing cards.
If a CA key is lost, then there should be a layer above it which can create a new CA key.
Cards are checked against the top CA public key, so the old and the new cards can both be verified.
Because the top CA is only used to create intermediate CAs, its private key can be kept safer than the key of a CA which is regularly used for signing certificates.
Should it get lost anyway, at least the intermediate CA still exists and can continue signing new cards.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700891</id>
	<title>Re:What is "CA"?</title>
	<author>Anonymous</author>
	<datestamp>1247690340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I didn't know Germans had an image of being obsessed with certificates. We kinda make the same jokes about your school graduation celebrations and nicely designed reports at the end of the year. Personally, I don't own a single certificate that's really fancy if I compare it to those of my American relatives.</p><p>Ohh, and the amount of medals/whateveryoucallit you give out in your military is also funny to some Germans, with even the lowest ranks wearing more than our higher-ups (It's obvious for slashdotters that this is because the American military is superior in every way :) )</p></htmltext>
<tokenext>I did n't know Germans had an image of being obsessed with certificates .
We kinda make the same jokes about your school graduation celebrations and nicely designed reports at the end of the year .
Personally , I do n't own a single certificate that 's really fancy if I compare it to those of my American relatives .
Ohh , and the amount of medals/whateveryoucallit you give out in your military is also funny to some Germans , with even the lowest ranks wearing more than our higher-ups ( It 's obvious for slashdotters that this is because the American military is superior in every way : ) )</tokentext>
<sentencetext>I didn't know Germans had an image of being obsessed with certificates.
We kinda make the same jokes about your school graduation celebrations and nicely designed reports at the end of the year.
Personally, I don't own a single certificate that's really fancy if I compare it to those of my American relatives.
Ohh, and the amount of medals/whateveryoucallit you give out in your military is also funny to some Germans, with even the lowest ranks wearing more than our higher-ups (It's obvious for slashdotters that this is because the American military is superior in every way :) )</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691649</id>
	<title>Re:An HSM That Requires Continuous Power?</title>
	<author>rindeee</author>
	<datestamp>1247589060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>For the record, the CIA triad is "Confidentiality, Integrity, Availability", which is actually more applicable in this case.  Just sayin'.</p></htmltext>
<tokenext>For the record , the CIA triad is " Confidentiality , Integrity , Availability " , which is actually more applicable in this case .
Just sayin' .</tokentext>
<sentencetext>For the record, the CIA triad is "Confidentiality, Integrity, Availability", which is actually more applicable in this case.
Just sayin'.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691543</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694551</id>
	<title>Er...</title>
	<author>johny42</author>
	<datestamp>1247601180000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>All issued cards must be replaced</p></div><p>...why?

Unless they (along with everyone else) have lost their public key, there should be no problem verifying all previously signed cards.</p>
	</htmltext>
<tokenext>All issued cards must be replaced...why ?
Unless they ( along with everyone else ) have lost their public key , there should be no problem verifying all previously signed cards .</tokentext>
<sentencetext>All issued cards must be replaced...why?
Unless they (along with everyone else) have lost their public key, there should be no problem verifying all previously signed cards.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691949</id>
	<title>didn't the Germans learn anything from Bushie?</title>
	<author>Anonymous</author>
	<datestamp>1247590200000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext><p>(1) outsourced government works even less well.</p><p>(2) exceptions are covered under rule #1.</p></htmltext>
<tokenext>( 1 ) outsourced government works even less well .
( 2 ) exceptions are covered under rule # 1 .</tokentext>
<sentencetext>(1) outsourced government works even less well.
(2) exceptions are covered under rule #1.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693305</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>JaredOfEuropa</author>
	<datestamp>1247595840000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>Even so, this line struck me as all too familiar: "The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."
<br> <br>
<i>This</i> is why managers (especially the MBA types) love outsourcing of everything.  It is also in part because numbers and KPIs are so much more easy to manage than actual people.  But mainly, by outsourcing a function <i>you also get to outsource the responsibility</i> for that particular function.  If things go tits up, the worst you'll be blamed for is picking the wrong service provider, or perhaps not monitoring a particular KPI properly.  Minor stuff.
<br> <br>
I've seen plenty of managers like that, and I have heard a variation of that one line all too often.</htmltext>
<tokenext>Even so , this line struck me as all too familiar : " The fact of the matter is that the service provider took over the running of the test system , so it also has to warrant its continuous operation .
How it fulfills this obligation is its own responsibility .
" This is why managers ( especially the MBA types ) love outsourcing of everything .
It is also in part because numbers and KPIs are so much more easy to manage than actual people .
But mainly , by outsourcing a function you also get to outsource the responsibility for that particular function .
If things go tits up , the worst you 'll be blamed for is picking the wrong service provider , or perhaps not monitoring a particular KPI properly .
Minor stuff .
I 've seen plenty of managers like that , and I have heard a variation of that one line all too often .</tokentext>
<sentencetext>Even so, this line struck me as all too familiar: "The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation.
How it fulfills this obligation is its own responsibility.
"
 
This is why managers (especially the MBA types) love outsourcing of everything.
It is also in part because numbers and KPIs are so much more easy to manage than actual people.
But mainly, by outsourcing a function you also get to outsource the responsibility for that particular function.
If things go tits up, the worst you'll be blamed for is picking the wrong service provider, or perhaps not monitoring a particular KPI properly.
Minor stuff.
I've seen plenty of managers like that, and I have heard a variation of that one line all too often.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691729</id>
	<title>Rootkeylosin!</title>
	<author>Anonymous</author>
	<datestamp>1247589420000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Q: How do you learn every German swear word in about 20 seconds?<br>A: Tell the German admin that you lost the root key.</p></htmltext>
<tokenext>Q : How do you learn every German swear word in about 20 seconds ?
A : Tell the German admin that you lost the root key .</tokentext>
<sentencetext>Q: How do you learn every German swear word in about 20 seconds?
A: Tell the German admin that you lost the root key.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28698223</id>
	<title>Re:I'm confused</title>
	<author>Anonymous</author>
	<datestamp>1247576580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>They don't need to send out new cards.  They just need to regenerate the credentials on all the cards (i.e. new certificates).  They don't even need to regenerate keys on the issued cards.</p><p>Annoying, but no big deal in a test system.</p></htmltext>
<tokenext>They do n't need to send out new cards .
They just need to regenerate the credentials on all the cards ( i.e. new certificates ) .
They do n't even need to regenerate keys on the issued cards .
Annoying , but no big deal in a test system .</tokentext>
<sentencetext>They don't need to send out new cards.
They just need to regenerate the credentials on all the cards (i.e. new certificates).
They don't even need to regenerate keys on the issued cards.
Annoying, but no big deal in a test system.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691793</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700173</id>
	<title>Re:Wrong Title, Wrong summary</title>
	<author>bugs2squash</author>
	<datestamp>1247593200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>In that case, why were they stupid enough to rely on an external CA?

They should have signed their own cards and kept the responsibility to themselves.</htmltext>
<tokenext>In that case , why were they stupid enough to rely on an external CA ?
They should have signed their own cards and kept the responsibility to themselves .</tokentext>
<sentencetext>In that case, why were they stupid enough to rely on an external CA?
They should have signed their own cards and kept the responsibility to themselves.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133</id>
	<title>What is "CA"?</title>
	<author>T Murphy</author>
	<datestamp>1247591100000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext>For those of you who are wondering what CA is, it stands for Certificate Authority. You see, the Germans have a hard time functioning without a constant stream of praise, so they have this authority in place that prints and sends certificates to people. Every day thousands of Germans get congratulated for crossing the street, for finding their car keys or for eating their 1000th potato of the month. You know you've walked into a German household when you see the wallpaper of framed certificates.<br> <br>

The problem here is that the company deleted the certificate-printing program since they thought someone was trying to hack in and print more certificates for themselves- no one is THAT special so they had to stop him. They forgot to have another program ready to print more certificates, so now Germany is under threat of entering a depression since they no longer get certificates telling them how special they are.<br> <br>

On a serious note: I don't follow this article very well with all the acronyms being spelled out but not explained, and no background knowledge of anything going on here. If someone would care to explain what is going on here to someone that has never heard the term CA, you should get a +5 informative easily.</htmltext>
<tokenext>For those of you who are wondering what CA is , it stands for Certificate Authority .
You see , the Germans have a hard time functioning without a constant stream of praise , so they have this authority in place that prints and sends certificates to people .
Every day thousands of Germans get congratulated for crossing the street , for finding their car keys or for eating their 1000th potato of the month .
You know you 've walked into a German household when you see the wallpaper of framed certificates .
The problem here is that the company deleted the certificate-printing program since they thought someone was trying to hack in and print more certificates for themselves- no one is THAT special so they had to stop him .
They forgot to have another program ready to print more certificates , so now Germany is under threat of entering a depression since they no longer get certificates telling them how special they are .
On a serious note : I do n't follow this article very well with all the acronyms being spelled out but not explained , and no background knowledge of anything going on here .
If someone would care to explain what is going on here to someone that has never heard the term CA , you should get a + 5 informative easily .</tokentext>
<sentencetext>For those of you who are wondering what CA is, it stands for Certificate Authority.
You see, the Germans have a hard time functioning without a constant stream of praise, so they have this authority in place that prints and sends certificates to people.
Every day thousands of Germans get congratulated for crossing the street, for finding their car keys or for eating their 1000th potato of the month.
You know you've walked into a German household when you see the wallpaper of framed certificates.
The problem here is that the company deleted the certificate-printing program since they thought someone was trying to hack in and print more certificates for themselves- no one is THAT special so they had to stop him.
They forgot to have another program ready to print more certificates, so now Germany is under threat of entering a depression since they no longer get certificates telling them how special they are.
On a serious note: I don't follow this article very well with all the acronyms being spelled out but not explained, and no background knowledge of anything going on here.
If someone would care to explain what is going on here to someone that has never heard the term CA, you should get a +5 informative easily.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551</id>
	<title>Wrong Title, Wrong summary</title>
	<author>Anonymous</author>
	<datestamp>1247588640000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>Once again, misleading title to a different summary.<br>For fuck's sake, the Germans didn't lose the key.<br>The SSL Root CA lost that.<br>Get the facts right.<br>For a second I was wondering how Germans could be that stupid. That is unlike the Germany I know. And exactly as I suspected, the German insurer had been insisting the root CA for backup while the CA thought it was unnecessary.<br>Is it the German company's fault?</p><p>
&nbsp;</p></htmltext>
<tokenext>Once again , misleading title to a different summary . For fuck 's sake , the Germans did n't lose the key . The SSL Root CA lost that . Get the facts right . For a second I was wondering how Germans could be that stupid .
That is unlike the Germany I know .
And exactly as I suspected , the German insurer had been insisting the root CA for backup while the CA thought it was unnecessary . Is it the German company 's fault ?
 </tokentext>
<sentencetext>Once again, misleading title to a different summary. For fuck's sake, the Germans didn't lose the key. The SSL Root CA lost that. Get the facts right. For a second I was wondering how Germans could be that stupid.
That is unlike the Germany I know.
And exactly as I suspected, the German insurer had been insisting the root CA for backup while the CA thought it was unnecessary. Is it the German company's fault?
 </sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691793</id>
	<title>I'm confused</title>
	<author>Candid88</author>
	<datestamp>1247589600000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><blockquote><div><p>card lost its secret private key during a test enrollment</p></div></blockquote><p>I'm confused, isn't this sort of problem exactly why you carry out system tests?</p><p>Sending out new cards to card testers during a systems test is hardly extraordinary.</p></div>
	</htmltext>
<tokenext>card lost its secret private key during a test enrollment I 'm confused , is n't this sort of problem exactly why you carry out system tests ? Sending out new cards to card testers during a systems test is hardly extraordinary .</tokentext>
<sentencetext>card lost its secret private key during a test enrollment I'm confused, isn't this sort of problem exactly why you carry out system tests? Sending out new cards to card testers during a systems test is hardly extraordinary.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691733</id>
	<title>Re:Could be worse</title>
	<author>Animats</author>
	<datestamp>1247589420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
Mod parent up.  In the serious crypto world, this is a good thing, provided it doesn't happen too often.  Sometimes you're going to lose a key, because, for security reasons, you don't keep extra copies.  You have a procedure for issuing new keys when this happens, which you're routinely doing anyway.</p></htmltext>
<tokenext>Mod parent up .
In the serious crypto world , this is a good thing , provided it does n't happen too often .
Sometimes you 're going to lose a key , because , for security reasons , you do n't keep extra copies .
You have a procedure for issuing new keys when this happens , which you 're routinely doing anyway .</tokentext>
<sentencetext>
Mod parent up.
In the serious crypto world, this is a good thing, provided it doesn't happen too often.
Sometimes you're going to lose a key, because, for security reasons, you don't keep extra copies.
You have a procedure for issuing new keys when this happens, which you're routinely doing anyway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692259</id>
	<title>Re:Oh c'mon, be fair!</title>
	<author>Opportunist</author>
	<datestamp>1247591580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If everything fails, keep browsing through various pages trading in that stuff, you'll eventually find it...</p></htmltext>
<tokenext>If everything fails , keep browsing through various pages trading in that stuff , you 'll eventually find it.. .</tokentext>
<sentencetext>If everything fails, keep browsing through various pages trading in that stuff, you'll eventually find it...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691819</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691759</id>
	<title>Let me see your SLAs</title>
	<author>geomobile</author>
	<datestamp>1247589480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfils this obligation is its own responsibility."</p></div></blockquote><p><nobr> <wbr></nobr>...at that moment someone handed him the SLAs at which point he turned white, muttered something about an important meeting and was never heard of since.</p></div>
	</htmltext>
<tokenext>Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys .
" We did not decide against a back-up service .
The fact of the matter is that the service provider took over the running of the test system , so it also has to warrant its continuous operation .
How it fulfils this obligation is its own responsibility .
" ...at that moment someone handed him the SLAs at which point he turned white , muttered something about an important meeting and was never heard of since .</tokentext>
<sentencetext>Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys.
"We did not decide against a back-up service.
The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation.
How it fulfils this obligation is its own responsibility.
" ...at that moment someone handed him the SLAs at which point he turned white, muttered something about an important meeting and was never heard of since.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694375</id>
	<title>Does German work like English?</title>
	<author>russotto</author>
	<datestamp>1247600280000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext> "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'

If this were originally in English, it would mean "We knew this would happen and we tried to tell them, but those arrogant SOBs thought they knew it all and didn't want to listen to us.  So we shut up, pulled up a chair, got some popcorn, and waited for the fireworks".  I'm not sure that translates, though...</htmltext>
<tokenext>" We did not decide against a back-up service .
The fact of the matter is that the service provider took over the running of the test system , so it also has to warrant its continuous operation .
How it fulfills this obligation is its own responsibility .
" ' If this were originally in English , it would mean " We knew this would happen and we tried to tell them , but those arrogant SOBs thought they knew it all and did n't want to listen to us .
So we shut up , pulled up a chair , got some popcorn , and waited for the fireworks " .
I 'm not sure that translates , though.. .</tokentext>
<sentencetext> "We did not decide against a back-up service.
The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation.
How it fulfills this obligation is its own responsibility.
"'

If this were originally in English, it would mean "We knew this would happen and we tried to tell them, but those arrogant SOBs thought they knew it all and didn't want to listen to us.
So we shut up, pulled up a chair, got some popcorn, and waited for the fireworks".
I'm not sure that translates, though...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700613</id>
	<title>in charge</title>
	<author>Tom</author>
	<datestamp>1247598840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>How it fulfills this obligation is its own responsibility.</p></div><p>bzzzt. wrong.</p><p>If you're the guy in charge, it's your duty to make sure things work. You can leave specifics to the contractor if you are sure, but as the saying goes, you can not delegate or outsource responsibility.</p></div>
	</htmltext>
<tokenext>How it fulfills this obligation is its own responsibility . bzzzt .
wrong . If you 're the guy in charge , it 's your duty to make sure things work .
You can leave specifics to the contractor if you are sure , but as the saying goes , you can not delegate or outsource responsibility .</tokentext>
<sentencetext>How it fulfills this obligation is its own responsibility. bzzzt.
wrong. If you're the guy in charge, it's your duty to make sure things work.
You can leave specifics to the contractor if you are sure, but as the saying goes, you can not delegate or outsource responsibility.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691999</id>
	<title>A drop in voltage?</title>
	<author>Anonymous</author>
	<datestamp>1247590500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>"the firm's managing director, told heise online that following a voltage drop, something happened in D-Trust's "Trustcenter" that does occasionally occur"

You cannot even say what's worse: A voltage drop even reaching the HSM or the HSM going suicidal and losing the key. And all of that "occasionally"? Every time they make popcorn in the microwave? As a German I am quite flabbergasted by this lack of German engineering, in one of the country's largest trust-centers.</htmltext>
<tokenext>" the firm 's managing director , told heise online that following a voltage drop , something happened in D-Trust 's " Trustcenter " that does occasionally occur " You can not even say what 's worse : A voltage drop even reaching the HSM or the HSM going suicidal and losing the key .
And all of that " occasionally " ?
Every time they make popcorn in the microwave ?
As a German I am quite flabbergasted by this lack of German engineering , in one of the country 's largest trust-centers .</tokentext>
<sentencetext>"the firm's managing director, told heise online that following a voltage drop, something happened in D-Trust's "Trustcenter" that does occasionally occur"

You cannot even say what's worse: A voltage drop even reaching the HSM or the HSM going suicidal and losing the key.
And all of that "occasionally"?
Every time they make popcorn in the microwave?
As a German I am quite flabbergasted by this lack of German engineering, in one of the country's largest trust-centers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28699029</id>
	<title>Re:An HSM That Requires Continuous Power?</title>
	<author>ToasterMonkey</author>
	<datestamp>1247583240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The article says voltage drop, not loss of power.   The whole point of using an HSM instead of software is so that it does this stuff.  It must dump sensitive material or otherwise self destruct when an attack is detected.  Someone may have been trying to steal it, while keeping it powered on for all it knew (I've never heard of that, but I know it can't be impossible).  Normally, to power one of these things back on, you'd need multiple keys &amp; pins, each given to different people.</p><p>Besides, the internal batteries in these things don't last forever, the keys should always be backed up properly.  That can be done securely and fairly easily, so I really wonder what their excuse is.</p></htmltext>
<tokenext>The article says voltage drop , not loss of power .
The whole point of using an HSM instead of software is so that it does this stuff .
It must dump sensitive material or otherwise self destruct when an attack is detected .
Someone may have been trying to steal it , while keeping it powered on for all it knew ( I 've never heard of that , but I know it ca n't be impossible ) .
Normally , to power one of these things back on , you 'd need multiple keys &amp; pins , each given to different people . Besides , the internal batteries in these things do n't last forever , the keys should always be backed up properly .
That can be done securely and fairly easily , so I really wonder what their excuse is .</tokentext>
<sentencetext>The article says voltage drop, not loss of power.
The whole point of using an HSM instead of software is so that it does this stuff.
It must dump sensitive material or otherwise self destruct when an attack is detected.
Someone may have been trying to steal it, while keeping it powered on for all it knew (I've never heard of that, but I know it can't be impossible).
Normally, to power one of these things back on, you'd need multiple keys &amp; pins, each given to different people. Besides, the internal batteries in these things don't last forever, the keys should always be backed up properly.
That can be done securely and fairly easily, so I really wonder what their excuse is.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691543</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692651</id>
	<title>Best practices</title>
	<author>Anonymous</author>
	<datestamp>1247593260000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Best practices about CA management say you should have your secret key in a (physical) safe. Better yet, divide it in two pieces and put it along with the passphrase in three different safes (part1+pass,part2+pass,part1+part2), so you can't lose key access even if you lose one safe, and nobody can take the key by opening a single safe.</p></htmltext>
<tokenext>Best practices about CA management say you should have your secret key in a ( physical ) safe .
Better yet , divide it in two pieces and put it along with the passphrase in three different safes ( part1 + pass,part2 + pass,part1 + part2 ) , so you ca n't lose key access even if you lose one safe , and nobody can take the key by opening a single safe .</tokentext>
<sentencetext>Best practices about CA management say you should have your secret key in a (physical) safe.
Better yet, divide it in two pieces and put it along with the passphrase in three different safes (part1+pass,part2+pass,part1+part2), so you can't lose key access even if you lose one safe, and nobody can take the key by opening a single safe.</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692935
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700891
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692691
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693305
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694535
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692043
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693861
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691943
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691627
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691733
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692743
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691649
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691543
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692259
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691533
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28699029
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691543
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28696271
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695319
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692651
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692947
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28698223
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691793
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695037
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695315
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692341
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28696759
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692573
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694711
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691533
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692183
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_14_150243_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693087
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691533
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691819
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692259
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694711
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694551
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691543
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28699029
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691649
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692651
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695319
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28696271
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691999
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691609
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691733
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692341
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692573
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691949
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691551
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700173
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692743
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693305
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692043
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693087
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691943
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692183
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694535
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691627
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692947
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28694375
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691709
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692691
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28693861
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695315
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692935
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691759
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28692133
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28700891
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28695037
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28696759
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691729
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691591
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691693
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_14_150243.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28691793
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_14_150243.28698223
</commentlist>
</conversation>
