[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IETF-PKIX] Multiple certificates for same key?

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: Re: [IETF-PKIX] Multiple certificates for same key?
From: Russ Housley <housley@xxxxxxxxxx>
Date: Thu, 5 Mar 1998 18:50:27 -0500
Approved-by: Russ Housley <housley@SPYRUS.COM>
In-reply-to: <>
References: <>
Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

At 06:32 PM 3/5/98 +0200, Mark Shuttleworth wrote:
>> Let's get this straight -- the key is the identity,
>> your name is a handle.  If liberty means anything, you
>> can call yourself what you want hence identity-to-handle
>> mapping will be many to many.  The tradeoff is your
>> complexity eval of managing O(10**2) keys versus your
>> exposure eval of published cross correlation of the key
>> sharing amongst certs.
>
>Gotta disagree.  The name is your identity (and potentially your
>authority).  The key is merely a way to tie an action (signature) to that
>identity.  The problem is tht one-key-many-certs can mean that an action
>is tied to multiple identities.  It's not a huge problem.
>
If a certificate includes more than one AltSubjectName, then action is tied
to multiple identities using one certificate.  Why is it a problem that the
same thing can be accomplished with more than one certificate.

Russ

References:
- Re: [IETF-PKIX] Multiple certificates for same key?
  - From: Dan Geer
- Re: [IETF-PKIX] Multiple certificates for same key?
  - From: Mark Shuttleworth

Prev by Date: Re: [IETF-PKIX] Multiple Certificates
Next by Date: Re: [IETF-PKIX] Multiple certificates for same key?
Previous by thread: Re: [IETF-PKIX] Multiple certificates for same key?
Next by thread: Re: [IETF-PKIX] Multiple certificates for same key?
Index(es):
- Date
- Thread