
Re: Why is privateKeyUsagePeriod deprecated?




Peter Gutmann wrote:

Yes, because they want to use the signing key (relatively) short-term, but be able to verify sigs using the public portion years after the private portion has been retired/destroyed/lost/whatever.

Again I'm astonished to see this discussion here. It shows, like other discussed topics, how much disagreement there is here about very basic topics.


Personally I see no use for the PKUP extension. How long signatures created with a private key associated with a PKC can be validated should not be specified in a public-key certificate. The more natural solution to me is to specify this in the policy and cryptographic protocol used for signing the message.

Ciao, Michael.