RE: Recommendation on subject matching rules needed..
> I don't follow the logic here... If hash of issuer+serial is
> used, won't the same issue happen upon revalidation of the
> key pair (that is, when the original certificate expires)? Or
> am I more or less required to do a key replacement operation
> (or changeover, or whatever the correct terminology is) at that point?
As far as I have understood, we cannot modify the cert (e.g. do a rekey)
without changing the serial number, i.e. we have to issue a new
certificate if we make any changes to the contents.
Again the passport analogy - if your name changes, you need a new
passport. If you want to change your passport photo, you need a new
passport. If your passport expires, you need a new passport, etc.
This is why I would like to see some rules on matching the user and the
key instead of doing the matching based on issuer+serno, cert hash or
other hash derivatives.
Saku.
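To make the point of the exchange concrete, here is an added example (not code from the thread) that models the three matching rules under discussion and checks which of them still recognise a peer after a renewal with the same key pair versus after a rekey. The certificate fields and SPKI bytes are constructed stand-ins, not parsed from real X.509.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the X.509 fields that matter here (not a real parser)."""
    issuer: str
    serial: int
    subject: str
    spki: bytes        # would be DER SubjectPublicKeyInfo; constructed bytes here
    not_after: str


def cert_hash(c: Cert) -> str:
    # Stand-in for hashing the whole DER certificate: every field contributes.
    raw = f"{c.issuer}|{c.serial}|{c.subject}|{c.not_after}".encode() + c.spki
    return hashlib.sha256(raw).hexdigest()


def match_key(c: Cert, rule: str) -> str:
    """Identity key a peer would store under each matching rule from the thread."""
    if rule == "issuer+serial":
        return hashlib.sha256(f"{c.issuer}|{c.serial}".encode()).hexdigest()
    if rule == "cert-hash":
        return cert_hash(c)
    if rule == "subject+key":
        return hashlib.sha256(c.subject.encode() + c.spki).hexdigest()
    raise ValueError(rule)


def survives(old: Cert, new: Cert, rule: str) -> bool:
    """True if a peer that stored old's identity under `rule` still recognises new."""
    return match_key(old, rule) == match_key(new, rule)


# Constructed sample: original cert, a renewal with the same key pair, and a rekey.
KEY_A = b"\x30\x82\x01\x22" + b"A" * 16   # constructed, not a real SPKI
KEY_B = b"\x30\x82\x01\x22" + b"B" * 16
ORIG = Cert("CN=Example CA", 1001, "CN=saku", KEY_A, "2000-01-01")
RENEWED = Cert("CN=Example CA", 1042, "CN=saku", KEY_A, "2001-01-01")  # new serial, same key
REKEYED = Cert("CN=Example CA", 1043, "CN=saku", KEY_B, "2001-01-01")  # new serial, new key
RULES = ("issuer+serial", "cert-hash", "subject+key")


def renewal_report() -> dict:
    return {r: survives(ORIG, RENEWED, r) for r in RULES}


def rekey_report() -> dict:
    return {r: survives(ORIG, REKEYED, r) for r in RULES}


if __name__ == "__main__":
    print("renewal:", renewal_report())
    print("rekey:  ", rekey_report())
```

Only the subject+key rule survives the renewal; after a rekey every rule fails, which is the explicit key changeover the thread is asking about.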