RE: Dedicated CRL signing keys
Russ:
Will a CA that signs the certificates and CRLs using different keys, but the same Issuer DN, be considered compliant? If yes, then we agree.
Santosh:
Optional is sufficient. It should NOT be mandatory to have separate signing keys for certificates and CRLs.
Thanks. I think we agree.
If CAs issue CRLs, then the CA can sign certificates and CRLs with the same key, or the CA can use separate keys.
Certificate-using applications must be able to handle certificates and CRLs signed by the same key. Certificate-using applications may handle CRLs signed by a different key than the certificates.
If you agree with this position, then we agree.
Russ
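
The two CA options discussed in this message, as an added example that is not part of the original thread: a relying-party check that accepts a CRL signed by either the certificate-signing key or a separate CRL key under the same Issuer DN. It assumes the Python "cryptography" package; the issuer name, key labels and the trusted_keys structure are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed issuer DN shared by both signing keys.
ISSUER = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA (constructed)")])

def make_crl(signing_key, revoked_serials):
    """Build a CRL under ISSUER, signed with whichever key the CA chooses."""
    now = datetime.datetime(2024, 1, 1)
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ISSUER)
               .last_update(now)
               .next_update(now + datetime.timedelta(days=7)))
    for serial in revoked_serials:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(serial).revocation_date(now).build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(signing_key, hashes.SHA256())

def crl_signer(crl, trusted_keys):
    """Return the label of the trusted key that verifies the CRL, or None.
    trusted_keys: (label, subject DN, public key) tuples, a hypothetical
    stand-in for the CA certificates an application has already validated."""
    for label, subject, public_key in trusted_keys:
        if subject == crl.issuer and crl.is_signature_valid(public_key):
            return label
    return None

def demo():
    cert_key = ec.generate_private_key(ec.SECP256R1())
    crl_key = ec.generate_private_key(ec.SECP256R1())
    same_key_crl = make_crl(cert_key, [1001])   # CA signs CRLs with its certificate key
    split_key_crl = make_crl(crl_key, [1001])   # CA signs CRLs with a separate key
    only_cert_key = [("cert-key", ISSUER, cert_key.public_key())]
    both_keys = only_cert_key + [("crl-key", ISSUER, crl_key.public_key())]
    return {
        "same-key CRL, app knows cert key": crl_signer(same_key_crl, only_cert_key),
        "split-key CRL, app knows cert key": crl_signer(split_key_crl, only_cert_key),
        "split-key CRL, app knows both": crl_signer(split_key_crl, both_keys),
    }

if __name__ == "__main__":
    for case, signer in demo().items():
        print(f"{case}: {signer}")
```

An application that only ever tries the certificate-signing key rejects the split-key CRL, which is why support for the separate-key case has to be built in deliberately rather than assumed.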