Re: [IETF-PKIX] Multiple certificates for same key?
Bob,

But do we sign with a certificate, or with a key? I don't think that key
and certificate are synonymous. If the context of the certificate matters
to the signature, then I should include the certificate in the signed
message.

I would argue that a relying party needs to decide which one certificate it
is that he is relying on, and check the status of that certificate before
relying on the signature. Why do other certificates, whatever their key,
and whatever their status, matter? And, if the Relying party is trying to
hold a CA or a signer responsible for damages, then why does he need to
worry about any other certificate than the one he relied upon? If there
are other certificates for that key, and if some of them have been revoked,
why should it matter?

Of course, a CA might decide that it is prudent to contractually require
that a user not use a key that the CA certifies in other certificates.

I also hope that we're not creating some theory that says that I, as a
keyholder, can disclaim responsibility for my signature, because I used a
key it certified in a way that violated the CP under which a certificate
for that key was issued.

Has anyone observed in this discussion that CAs themselves will probably
have dozens of certificates for the same key, if they cross-certify
broadly? Surely someone must have. Why is it OK for CAs but not
end-entities?

At 01:16 PM 3/4/98 -0700, you wrote:
>Hi, Blake,
>
>The original discussion included the more general question of issuing two
>certificates containing the same key but including different attributes --
>different DN, etc. Given the difficulty of distinguishing between two
>certificates if they both contain the same key and therefore either could have
>been used to sign a document, I believe there may very well be subtle
>legal issues that need to be considered, as I indicated.
>
>In addition to the risk management issue from the perspective of the
>subscriber or the CA, there is also the question of the relying party's
>risk with respect to CRLs, which is why I believe the subject needs to be
>addressed within the CPS and perhaps the CA Accreditation Guidelines.
>
>But I probably play pretend-lawyer too much, so I'll defer to the real
>experts.
>
>Bob
>
>>>> Blake Greenlee <blake.greenlee@internetMCI.com> 03/04 12:14 PM >>>
>Dear Bob et al:
>
>To re-issue a public key in a new certificate or not is a risk management
>issue, not a legal issue. Doing this shouldn't be any more constrained than
>to point out that fact.
>
>It is probably not much more of a risk to re-issue a public key in a new
>certificate than to send out new CA public keys in a message signed by the
>old CA private key. (That is, given algorithms of appropriate key lengths).
>
>Blake
>
>
>
>-----Original Message-----
>From: Bob Jueneman [SMTP:BJUENEMAN@novell.com]
>Sent: Wednesday, March 04, 1998 2:00 PM
>To: digsig@vm.temple.EDU
>Cc: kent@bbn.com; chokhani@cygnacom.com; froomkin@law.miami.EDU;
>MERRILL@mccarter.com; pki-twg@nist.gov; wford@verisign.com; Michael Baum;
>asaya.Alan.Asay@xmission.com
>Subject: Fwd: Re: [IETF-PKIX] Multiple certificates for same key?
>
>There has been some discussion recently on the IETF-PKIX list
>regarding the wisdom of a CA reissuing a new certificate containing an old public
>key -- in other words, issuing two certificates which contain the same key.
>
>I believe that this significantly complicates issues of certificate revocation and
>nonrepudiation, and might have other legal consequences involving choice of law issues
>and other considerations that are far from being immediately obvious.
>
>The subject arose originally in a discussion of the German digital signature legislation.
>Although I haven't checked it, it might contain language that would prohibit this
>practice -- I don't know.
>
>In any case, I think the issue is worth addressing from a legal and legislative
>standpoint. In addition, as I said in the attached message to Steve Kent,
>I believe that the matter needs to be addressed in a CA's Certification Practice
>Statement in order to provide a warning to a relying party, and it probably ought
>to be addressed in the CA Accreditation Guidelines that are being developed within
>the ABA Information Security Committee.
>
>Warwick Ford and Santosh Chokhani, as the authors of the CPS Framework, and the
>Federal PKI working group might also want to weigh in on this issue.
>
>I would be quite interested in any comments or feedback.
>
>Bob
>
>
>
>Robert R. Jueneman
>Security Architect
>Novell, Inc.
>Network Products Group
>122 East 1700 South
>Provo, UT 84604
>801/861-7387
>bjueneman@novell.com
>
>"If you are trying to get to the moon, climbing a tree,
>although a step in the right direction, will not prove
>to be very helpful."
>
>"The most dangerous strategy is to cross a chasm in two jumps."
>
> << Message: Re: [IETF-PKIX] Multiple certificates for same key? >> << Message: Re: [IETF-PKIX] Multiple certificates for same key? >>
>
>
Regards,
Bill Burr
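
Added example, not part of the original message or thread: a Go sketch of the point above that a signature made with a key verifies under every certificate carrying that key, and that signing the intended certificate along with the message removes the ambiguity. The self-signed certificates, subject names, sample message and the hash-prefix binding scheme are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue self-signs a certificate for pub under cn (constructed test data, no real CA).
func issue(cn string, serial int64, pub ed25519.PublicKey, priv ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// bind prefixes msg with the SHA-256 of the certificate the signer intends (assumed scheme).
func bind(cert *x509.Certificate, msg []byte) []byte {
	h := sha256.Sum256(cert.Raw)
	return append(h[:], msg...)
}

// verify checks sig over signed using the public key carried in cert.
func verify(cert *x509.Certificate, signed, sig []byte) bool {
	return ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), signed, sig)
}

// demo returns: bare signature under cert A, under cert B; bound signature under A, under B.
func demo() (bool, bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	a, b := issue("Signer (role 1)", 1, pub, priv), issue("Signer (role 2)", 2, pub, priv)
	msg := []byte("constructed sample message")
	bare, bound := ed25519.Sign(priv, msg), ed25519.Sign(priv, bind(a, msg))
	return verify(a, msg, bare), verify(b, msg, bare), verify(a, bind(a, msg), bound), verify(b, bind(b, msg), bound)
}

func main() { fmt.Println(demo()) } // true true true false
```

The bare signature is accepted under both certificates, so only the relying party's choice of certificate determines which status check applies; the bound signature is accepted only under the certificate the signer named.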