Re: [IETF-PKIX] Multiple certificates for same key?

[Bill Burr <william.burr@xxxxxxxx>]

At 04:45 PM 3/4/98 -0500, you wrote:
>> From: Bill Burr <william.burr@NIST.GOV>
>>
>> If I have 50 or 100 certificates, each with some particular attributes
>> bound with my keys, one for the auto club, one for the New York Times
>> on-line, one for every pay site I subscribe to, etc., and I want to carry
>> them around on my token and use them at home and at work, etc., maybe I've
>> got a problem.
>>
>> Is does seem to me to simplify my life to use one key to sign everything;
>> after all, I don't sign my name differently when I use my AMEX card than
>> when I use my Visa.   This makes sense if we separate attributes from
>> identity and use X9 style attribute certificates, that don't contain a key.
>>  I'm far from convinced that such attribute certificates are practical.
>
>I believe the analogy is flawed.  When you use your AMEX card, the
>information extracted from the magstripe is different than the
>information on your Visa magstripe.  You use the same handwritten
>signature to authorize both cards, just as you use the same PIN to
>activate your token.
>
>I always cringe when people use the word "certificate" to mean both a
>public key certificate and the associated private data, but from an
>ergonomic point of view, there isn't much difference.  When you select
>an X.509 certificate in your web browser to sign a message, the browser
>automatically uses the private key associated with that certificate.
>If you have 50 or 100 certificates to choose from, you have to choose
>once, but you don't have to choose again to get the proper private key;
>that part is automatic.
>
>And if a token can store n certificates of 1K-2K bytes each, adding an
>additional 128-256 bytes of private key for each certificate doesn't
>significantly change the number of certs that can be carried on
>the token.
>
>Dave Kemp
>
>


I can leave my certificates stored on a directory somewhere and access them
over the net when I want them.  I can have my file of certificates on the
disk of my machine at work, on my machine at home, on my laptop, carry it
around on a floppy disk, paste them on the wall, put them on my web site,
and so on. I can have 100 copies and leave them anywhere I want.

But, the key or keys I must protect.  I may want to carry them around on a
chip card in my wallet.  It may be more important to use that silicon to do
digital signatures and key agreement on the chip, so that the private key
never leaves the chip, than to store a large number of certificates and
separate keys.

I don't accept that the pin on my token is analogous to a handwritten
signature.  The AMEX card is analogous to the certificate, and my selecting
a particular certificate for use in a protocol, is apanages to picking my
AMEX rather than my VISA.  But, when I sign my transaction slip, I don't
sign differently for Amex than for Visa.  It's the same signature.

There may be, as bob Juneman suggests, a flaw in the definition of a
signature, which perhaps should be cryptographically bound to a particular
certificate.  But trying to do that by making an unenforceable rule of a
different key per certificate seems to me the wrong way to fix the problem.
Regards,

Bill Burr