[IETF-PKIX] Multiple certificates for same key?



If I understand correctly, there is a scenario for cross-certification
whereby I retrieve your public key from a directory (where it may be
stored as a key, or it may be sealed into a certificate) and then I
issue a certificate containing your public key signed by me.

If this is accurate, it follows that there will be many certificates
extant containing the same public key.

Another issue: any ambiguity which may proceed from the intentional
issuance of two different certs against one key pair will also apply
whenever random processes or operational errors produce identical key
pairs for different users. Although we can prefer that this not happen,
we cannot prevent it by mandate; therefore the infrastructure must be
sufficiently robust that it not fail when this condition is encountered.

-Dwight
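
An added example, not part of the original message: a certificate index that tolerates the condition described above by identifying each certificate by issuer and serial number, never by public key, and that reports keys shared by several certificates. `CertRecord`, `CertIndex`, the names and the key bytes are hypothetical, constructed values standing in for parsed X.509 data.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class CertRecord:          # hypothetical stand-in for a parsed X.509 certificate
    issuer: str
    serial: int
    subject: str
    spki: bytes            # SubjectPublicKeyInfo bytes (constructed placeholders below)

def spki_id(spki: bytes) -> str:
    """Key identifier: SHA-256 over the encoded public key."""
    return hashlib.sha256(spki).hexdigest()

class CertIndex:
    def __init__(self):
        self.by_id = {}                   # (issuer, serial) -> CertRecord, the unique identity
        self.by_key = defaultdict(list)   # spki_id -> every certificate carrying that key

    def add(self, cert: CertRecord) -> None:
        ident = (cert.issuer, cert.serial)
        if ident in self.by_id:
            if self.by_id[ident] != cert:  # same issuer and serial, different content
                raise ValueError(f"conflicting certificate for {ident}")
            return                         # exact duplicate, nothing to do
        self.by_id[ident] = cert
        self.by_key[spki_id(cert.spki)].append(cert)  # a shared key is allowed, not an error

    def shared_keys(self) -> dict:
        """Classify every public key that appears in more than one certificate."""
        report = {}
        for kid, certs in self.by_key.items():
            if len(certs) > 1:
                one_subject = len({c.subject for c in certs}) == 1
                kind = "same-subject" if one_subject else "different-subjects"
                report[kid] = (kind, sorted((c.issuer, c.serial) for c in certs))
        return report

KEY_A, KEY_B, KEY_C = b"constructed-key-A", b"constructed-key-B", b"constructed-key-C"
SAMPLE = [                                              # constructed sample records
    CertRecord("CN=CA1", 1, "CN=alice", KEY_A),
    CertRecord("CN=CA2", 7, "CN=alice", KEY_A),         # second issuer certifies the same key
    CertRecord("CN=CA1", 2, "CN=bob", KEY_B),
    CertRecord("CN=CA1", 3, "CN=carol", KEY_B),         # identical key pair, different users
    CertRecord("CN=CA1", 4, "CN=dave", KEY_C),
]

def build_sample_index() -> CertIndex:
    index = CertIndex()
    for cert in SAMPLE:
        index.add(cert)
    return index
```
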