Re: AW: self-signed TSA [Was Re: Private Key Cloning]
Aram:
> You shouldn't have to, although this is the model that most public CAs seem
> to push and/or encourage. As I mentioned, a possible solution is the use
> of "anchor certificates".
Seems a little complicated.
I don't see why I have to introduce an extra entity involved, or extra certs
involved.
Stephen Kent:
> I've always asserted that self-signed certs are just a syntactic
> convenience, not a generally useful way of ensuring security for
> transmitted public keys. If we agree on that point, then I don't see
> a lot of reason to push for self-signed TSA certs.
I don't agree. As the service provider, why do I *have* to deal with
the management of two private keys? It's way more than syntax.
We don't need to "push" anything. We need to not prohibit it.
/r$