[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IETF-PKIX] Multiple certificates for same key?

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: Re: [IETF-PKIX] Multiple certificates for same key?
From: Stephen Kent <kent@xxxxxxx>
Date: Wed, 4 Mar 1998 09:21:50 -0500
Approved-by: Stephen Kent <kent@BBN.COM>
In-reply-to: <s4fc4889.007@novell.com>
Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

Bob,

Ignoring issues of non-repudiation (for which only some certs may be
employed), it may be reasonable for two certs to hold the same public key.
For example, A CA may choose to have a short validity interval to ease CRL
management, but not require users to generate and transmit new key pairs to
match the interval.  In that case, the CA can merely re-certify the old key
and reissue a cert with a new serial number and the same name, and probably
all the other attributes would be the same as well.

Steve

Prev by Date: Re: [IETF-PKIX] Multiple certificates for same key?
Next by Date: Re: [IETF-PKIX] Multiple certificates for same key?
Previous by thread: Re: [IETF-PKIX] Multiple certificates for same key?
Next by thread: Re: [IETF-PKIX] Multiple certificates for same key?
Index(es):
- Date
- Thread