Message protection and key update
Consider the following scenario:
I am enrolled in a PKI and have a signing-key pair that I wish to update. I
send a key update request containing a new public key. I sign the message
using my old private key. The request is granted by the CA so I send a
certificate confirm message.
I assume that I sign this message with my NEW private key. Is this correct?
Also, does this signature provide implicit POP of the private key? After
all, the signature is over the hash of a certificate containing the matching
public key. If it does provide implicit POP, should the POP options be
expanded?
Christopher Williams
Software engineer, NetLexis Ltd.
Solutions for secure electronic commerce
http://www.netlexis.com
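
A toy model of the last step of the scenario above, added here as an illustration and not part of the original message: the CA checks a confirm message against the public key in the certificate it just issued, once for a confirm signed with the new private key and once for one signed with the old key. Ed25519, the `Cert` and `Confirm` types and the hash layout are assumptions made for the example, not the CMP wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Cert is a toy stand-in for the issued certificate (assumed layout).
type Cert struct {
	Subject string
	PubKey  ed25519.PublicKey
}

// Hash returns the digest that the confirm message carries and signs.
func (c Cert) Hash() []byte {
	h := sha256.Sum256(append([]byte(c.Subject+"\x00"), c.PubKey...))
	return h[:]
}

// Confirm models a certificate confirm message: certificate hash plus signature.
type Confirm struct {
	CertHash, Sig []byte
}

// SignConfirm protects the confirm message with the given private key.
func SignConfirm(c Cert, priv ed25519.PrivateKey) Confirm {
	return Confirm{CertHash: c.Hash(), Sig: ed25519.Sign(priv, c.Hash())}
}

// CheckConfirm is the CA-side check: the hash must match the issued certificate
// and the signature must verify under the public key inside that certificate.
func CheckConfirm(issued Cert, m Confirm) bool {
	return bytes.Equal(m.CertHash, issued.Hash()) &&
		ed25519.Verify(issued.PubKey, m.CertHash, m.Sig)
}

// Scenario signs the confirm with the new key, then with the old key.
func Scenario() (withNew, withOld bool) {
	_, oldPriv, _ := ed25519.GenerateKey(nil) // constructed old signing key
	newPub, newPriv, _ := ed25519.GenerateKey(nil) // constructed new signing key
	issued := Cert{Subject: "CN=constructed-subject", PubKey: newPub}
	return CheckConfirm(issued, SignConfirm(issued, newPriv)),
		CheckConfirm(issued, SignConfirm(issued, oldPriv))
}

func main() {
	n, o := Scenario()
	fmt.Println("new-key confirm verifies:", n, "| old-key confirm verifies:", o)
}
```

In this model only the holder of the private key matching the certified public key can produce a confirm that passes `CheckConfirm`; a confirm signed with the old key is rejected.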