[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: self-signed TSA [Was Re: Private Key Cloning]

To: <ietf-pkix@xxxxxxx>
Subject: Re: AW: self-signed TSA [Was Re: Private Key Cloning]
From: "Peter Lipp" <Peter.Lipp@xxxxxxx>
Date: Thu, 22 Jun 2000 11:24:15 +0200
Importance: Normal
In-reply-to: <>

> I'm not convinced it's bad to issue self-signed TSA certificate.
> I'm just saying it might not be a great idea.
Agree. I don't see the big advantage. For one, if I want to trust a CA I
need to go through whatever steps are appropriate. If the CA
offers/recommends/uses a TSA, it can give me a certificate for the TSA and -
having already decided to trust the CA - it is simple to verify the
certificate and decide to trust the TSA too. So what does the self-signed
TSA cert buy me besides the need to go through the trust decisions again?
Now consider revocation - do you really suggest to set up a separate
revocation-scheme for the TSA? I simply don't see any advantage here...

Peter

Follow-Ups:
- Re: AW: self-signed TSA [Was Re: Private Key Cloning]
  - From: Rich Salz

References:
- Re: AW: self-signed TSA [Was Re: Private Key Cloning]
  - From: Jean-Marc Desperrier

Prev by Date: RE: AW: self-signed TSA [Was Re: Private Key Cloning]
Next by Date: Re: certification for pki
Previous by thread: Re: AW: self-signed TSA [Was Re: Private Key Cloning]
Next by thread: Re: AW: self-signed TSA [Was Re: Private Key Cloning]
Index(es):
- Date
- Thread