[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Online Certificate Revocation Protocol

To: ietf-pkix@xxxxxxx
Subject: Re: Online Certificate Revocation Protocol
From: Marc Branchaud <marcnarc@xxxxxxxxxxxxxxx>
Date: Fri, 08 Jun 2001 17:29:46 -0700
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Organization: RSA Security
References: <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Santosh Chokhani wrote:
> 
> Destroying a private key used to generate signature may cause some
> operational grief in terms of getting a new key certified, but there is no
> need for that key any more and hence no revocation is needed.
> 

Except that "destruction" is not necessarily irrecoverable.  I would always
revoke, as a general rule, especially for highly sensitive (e.g. CA) keys.

		Marc

References:
- RE: Online Certificate Revocation Protocol
  - From: Santosh Chokhani

Prev by Date: Re: Online Certificate Revocation Protocol
Next by Date: Re: Online Certificate Revocation Protocol
Previous by thread: Re: Online Certificate Revocation Protocol
Next by thread: Online Certificate Revocation Protocol
Index(es):
- Date
- Thread