
Re: Recommendation on subject matching rules needed..



"Vainikainen Saku EINT" <Saku.Vainikainen@xxxxxxxx> writes:

>It seems that all the software we have tested (e.g. MSoft, Utimaco)

Everyone, not just those two.

>tend to do some kind of binary comparison (hash values I suppose)

issuerAndSerialNumber.

>The only problem is that the encryption key pair may have been
>recertified in between.

Therein lies the problem: Don't issue multiple certificates for the
same key.  If you "recover the archived encryption keypair" why not
recover the cert that goes with it?

(NB: Saying "We need to be able to issue a new encryption cert because
 we revoke the old one" isn't valid because the private key is still in
 use, so revoking the old cert is pointless).

Peter.