Re: Certificate Policies (was Re: Trivial PKI Question)

[Al Arsenault <awa1@xxxxxxxxxxx>]

----- Original Message -----
From: "Margus Freudenthal" <margus@xxxxxxxx>
To: <ietf-pkix@xxxxxxx>
Sent: Thursday, March 13, 2003 3:54 AM
Subject: Re: Certificate Policies (was Re: Trivial PKI Question)


><snip>
> * When using multiple CA-s, what prevents you from issuing multiple
> certificates to the same key?
>

>From a technical standpoint, typically nothing prevents this.  It's not
commonly done because:

    a.  There's more of a management problem; e.g., if the key is ever
compromised for whatever reason, you have to track down ALL of the
certificates it was bound to and revoke them;  and

    b.  Policies typically restrict it.

But it could easily be done (and has in some specialized cases).

                Al Arsenault
                Chief Security Architect
                Diversinet Corp.