
RE: Dedicated CRL signing keys



Santosh:

Optional is sufficient.  It should NOT be mandatory to have separate signing keys for certificates and CRLs.
Thanks.  I think we agree.

If CAs issue CRLs, then the CA can sign certificates and CRLs with the same key, or the CA can use separate keys.

Certificate-using applications must be able to handle certificates and CRLs signed by the same key.  Certificate-using applications may handle CRLs signed by a different key than the certificates.

If you agree with this position, then we agree.

Russ