
Re: Online Certificate Revocation Protocol




Peter,


You are "quoting" (indenting?) Hansen Wang's words, not mine.
(Darn Software :)

___tony___

At 11:54 PM 6/10/01 +0000, Peter Gutmann wrote:
Tony Bartoletti <azb@xxxxxxxx> writes:

>Assuming that the entity which lost their private key wanted another
>certificate with a new key pair but wanted the same name. What would
>happen if there were two certificates in existence with the same name?
>Wouldn't the CA not allow this?

CMP already does this via key update request handling, which issues a new cert
which duplicates an existing one (and having had to implement this I can tell
you that it's a right bastard to do if your CA has built-in security rules to
prevent this situation from occurring).


Peter.

Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900