Re: Normative reference for 'CA rollover'?
Believe it or not, the new-in-old and old-in-new procedure is
documented in CMP. Many people fail to find it there. Perhaps it
should be extracted from there and published as a BCP.
At 10:47 AM 4/2/2009, max pritikin wrote:
I'm looking for a normative reference describing how a CA would
'rollover' to a new keypair or 'modified' certificate.
RFC5280 includes the following statements about 'rollover', here
quoted with minimal context:
4.2.1.10 Name Constraints:
"Name constraints are not applied to self-issued certificates (unless
the certificate is the final certificate in the path). (This could
prevent CAs that use name constraints from employing self-issued
certificates to implement key rollover.)"
6.1. Basic Path Validation:
"A certificate is self-issued if the same DN appears in the subject
and issuer fields (the two DNs are the same if they match according
to the rules specified in Section 7.1). In general, the issuer and
subject of the certificates that make up a path are different for
each certificate. However, a CA may issue a certificate to itself to
support key rollover or changes in certificate policies. These
self-issued certificates are not counted when evaluating path length
or name constraints."
8. Security Considerations:
"Loss of a CA's private signing key may also be problematic. The CA
would not be able to produce CRLs or perform normal key rollover."
But it does not include a recommended description of this rollover.
RFC3647 does not mention rollover at all, although it does define
'renewal' and 'rekey'.
I can find informative discussions of rollover for various CAs.
Can somebody point me in the right direction? Is there a normative
reference or should I be able to infer the "correct" behavior from end
entity rekey discussions as per the above notes?
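The path-length rule quoted above from RFC 5280 section 6.1, together with the "new-with-old" certificate the reply refers to, as an added example that is not part of this thread or of any RFC text: a toy validator in which signatures are modelled by matching key ids, and all DNs, key ids and the rollover scenario are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Minimal certificate model (constructed; a signature is modelled by a key id)."""
    subject: str
    issuer: str
    key_id: str          # identifies the subject public key
    signed_by: str       # key id that produced the signature
    is_ca: bool
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint, if present

    def self_issued(self) -> bool:
        # RFC 5280 6.1: same DN in the subject and issuer fields
        return self.subject == self.issuer

def validate_path(anchor_name, anchor_key, path, count_self_issued=False):
    """Subset of RFC 5280 6.1: name chaining, (modelled) signature check and
    pathLenConstraint. Per 6.1.4 (h) and (l), self-issued certificates do not
    decrement max_path_length; count_self_issued=True reproduces the mistake."""
    working_issuer, working_key = anchor_name, anchor_key
    max_path_length = len(path)
    for i, cert in enumerate(path):
        if cert.issuer != working_issuer:
            return False, f"cert {i}: issuer does not chain"
        if cert.signed_by != working_key:
            return False, f"cert {i}: signature does not verify"
        if i < len(path) - 1:                      # intermediate certificate
            if not cert.is_ca:
                return False, f"cert {i}: not a CA"
            if count_self_issued or not cert.self_issued():
                if max_path_length <= 0:
                    return False, f"cert {i}: pathLenConstraint exceeded"
                max_path_length -= 1
            if cert.path_len is not None:          # 6.1.4 (m)
                max_path_length = min(max_path_length, cert.path_len)
        working_issuer, working_key = cert.subject, cert.key_id
    return True, "ok"

# Constructed scenario: Root issued Sub CA's cert with pathLen 1 (one more CA below).
# Sub CA later rolls its key over with a self-issued "new-with-old" certificate
# (new key k5 signed by old key k3) and keeps its existing Issuing CA under the new key.
SUB_OLD = Cert("CN=Sub", "CN=Root", "k3", "k1", True, path_len=1)
SUB_NEW_WITH_OLD = Cert("CN=Sub", "CN=Sub", "k5", "k3", True)
ISSUING = Cert("CN=Issuing", "CN=Sub", "k6", "k5", True, path_len=0)
EE = Cert("CN=server", "CN=Issuing", "k7", "k6", False)
ROLLOVER_PATH = [SUB_OLD, SUB_NEW_WITH_OLD, ISSUING, EE]

def check_rollover_path(count_self_issued=False):
    return validate_path("CN=Root", "k1", ROLLOVER_PATH, count_self_issued)

if __name__ == "__main__":
    print("per RFC 5280:", check_rollover_path())            # (True, 'ok')
    print("counting self-issued:", check_rollover_path(True))  # rejected at cert 2
```

A validator that counts the self-issued certificate against pathLenConstraint rejects a path that is valid under RFC 5280, which is exactly why the rollover certificate is excluded from the count.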