
Re: Online Certificate Revocation Protocol



  Tony Bartoletti wrote:

  > I don't think so.  X.509 supports "key-implies-name".  You are suggesting
  > that it also supports "name-implies-key".  I don't believe there is such a
  > restriction in general (although a CA may decide per policy).
  > 
  > Is there some specific threat enabled if the key/name relation is many-to-one?

  Mr Jonathan W Jenkyn wrote:
  > 
  > What is it you are trying to guard against here? Is it that the CSP would be
  > confused by the existence of two certificates with the same Subject and
  > Issuing DN? The inclusion of SubjectKeyIdentifier/AuthorityKeyIdentifier
  > would guard against this, and would still allow the client to have a
  > certificate with the same DN. Also, the Serial number should be
  > distinct, providing a visible mechanism for recipients of the certificate to
  > discern between the two certificates.

OK, I get it now. 

> After consideration, if the client had 2 key pairs, one for signing/verify,
> the other for decrypt/encrypt (the latter also held by the client's
> organisation), could not the client's organisation (under an instruction from
> the client) request that the original signing key pair be revoked by
> utilising the decrypting/encrypting key pair? Thereby passing responsibility
> for revocation validation to the client's organisation (a better form of
> authentication than a hotline!).
> 

But wouldn't the client keep both key pairs on the same host/computer,
and so if the host/computer were stolen, both private keys would be
unavailable? A reason to make a backup of the private key where
possible?

Hansen
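The distinguishing fields Jenkyn mentions, worked as an added Go example that is not code from this thread or from any of its participants: a client with one Subject DN gets two certificates from the same issuer for two key pairs, and a relying party selects by SubjectKeyIdentifier rather than by name. It uses only the Go standard library; the issuer and client names are constructed, and the choice of Ed25519 keys is an assumption of the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue certifies pub under caKey (nil ca = self-signed). Serial and SubjectKeyId (RFC 5280
// 4.2.1.2 method 1: SHA-1 of the raw key bits) are set per cert, so same-DN certs still differ.
func issue(serial int64, subj pkix.Name, pub ed25519.PublicKey, ca *x509.Certificate, caKey ed25519.PrivateKey) *x509.Certificate {
	ski := sha1.Sum(pub) // for Ed25519 the raw key is exactly the subjectPublicKey BIT STRING
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: subj, SubjectKeyId: ski[:], IsCA: ca == nil,
		BasicConstraintsValid: ca == nil, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if ca == nil {
		ca = tmpl // self-signed issuer certificate
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey) // Go copies ca.SubjectKeyId into AuthorityKeyId
	if err != nil {
		panic(err) // demo helper; a real issuer returns the error to its caller
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return cert
}

// BuildTwoCerts models the client in the thread: one Subject DN, two key pairs
// (signing and encryption), both certified by the same issuer (names are constructed).
func BuildTwoCerts() (sig, enc *x509.Certificate) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	sigPub, _, _ := ed25519.GenerateKey(rand.Reader)
	encPub, _, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue(1, pkix.Name{CommonName: "Example CA"}, caPub, nil, caKey)
	client := pkix.Name{CommonName: "Alice", Organization: []string{"Example Org"}}
	return issue(2, client, sigPub, ca, caKey), issue(3, client, encPub, ca, caKey)
}

// FindByKeyID selects by SubjectKeyIdentifier, not by name: this is what tells same-DN certs apart.
func FindByKeyID(certs []*x509.Certificate, ski []byte) *x509.Certificate {
	for _, c := range certs {
		if bytes.Equal(c.SubjectKeyId, ski) {
			return c
		}
	}
	return nil
}
```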