Re: Online Certificate Revocation Protocol
Tony Bartoletti <azb@xxxxxxxx> writes:
>Assuming that the entity which lost their private key wanted another
>certificate with a new key pair but wanted the same name. What would
>happen if there were two certificates in existence with the same name?
>Wouldn't the CA not allow this?
CMP already does this via key update request handling, which issues a new cert
which duplicates an existing one (and having had to implement this I can tell
you that it's a right bastard to do if your CA has built-in security rules to
prevent this situation from occurring).
Peter.