Re: [IETF-PKIX] Multiple Certificates
Folks,
Here is my take on the multiple certs with the same key issue:
- there are legitimate circumstances when this will happen, e.g.,
unidirectional cross-certification and cert reissuance
- there are circumstances where this is a terrible idea, e.g.,
conflicting key usage constraints or in some non-repudiation contexts
- some complaints about the problem in a non-repudiation context
are overblown, i.e., one can argue that if you manage to have the same key
in multiple certs with different liability or authorization implications,
then a "relying party" can produce the cert of its choice to substantiate
why a signed message/document was accepted and in many cases the user will
not be able to refute this assertion. In such cases, the user gets what he
deserves for having allowed a key to be legitimately, multiply certified!
- most software we use today avoids this problem, by default, as do
some (most) crypto tokens
- smart cards may want to make use of this feature because of
storage limitations
- a CA who insists on not multiply certifying a key should state
so in a CPS, and/or embody technical measures to minimize the likelihood
that this will happen
- it would be hard to enumerate the circumstances where multiple
certification is OK, vs. not OK
Thus, I am not persuaded that we need to preclude multiple certification of
a public key in PKIX, but I am in favor of including a brief warning about
the possible pitfalls of this practice, and a suggestion that this practice
be avoided for end user certs in most circumstances.
Steve
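
An added example, not part of the original message: one possible form of the "technical measures" a CA could use to avoid multiply certifying a key, by indexing issued certificates on a hash of the SubjectPublicKeyInfo. The class names, verdict strings and the policy itself (allow same-subject, same-usage reissuance; refuse a different subject or different key usage) are assumptions, and the SPKI bytes are constructed stand-ins rather than real DER.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class CertRequest:
    subject: str
    spki_der: bytes        # DER SubjectPublicKeyInfo (constructed stand-in bytes below)
    key_usage: frozenset   # keyUsage bit names

class IssuanceLog:
    """One CA's record of the public keys it has already certified (hypothetical)."""

    def __init__(self):
        self._by_key = {}  # SHA-256(SPKI) hex -> list of issued CertRequest

    def check(self, req):
        prior = self._by_key.get(hashlib.sha256(req.spki_der).hexdigest(), [])
        if not prior:
            return "new-key"
        if any(p.subject != req.subject for p in prior):
            return "reject: key already certified for another subject"
        if any(p.key_usage != req.key_usage for p in prior):
            return "reject: conflicting key usage for an already-certified key"
        return "reissue"  # same subject, same usage: treated as reissuance

    def issue(self, req):
        verdict = self.check(req)
        if not verdict.startswith("reject"):
            fp = hashlib.sha256(req.spki_der).hexdigest()
            self._by_key.setdefault(fp, []).append(req)
        return verdict

def demo():
    # Constructed sample requests; key_a and key_b stand in for two distinct public keys.
    key_a, key_b = b"constructed-spki-A", b"constructed-spki-B"
    sig = frozenset({"digitalSignature"})
    log = IssuanceLog()
    requests = [
        CertRequest("CN=alice", key_a, sig),
        CertRequest("CN=alice", key_a, sig),
        CertRequest("CN=alice", key_a, frozenset({"digitalSignature", "nonRepudiation"})),
        CertRequest("CN=bob", key_a, sig),
        CertRequest("CN=bob", key_b, sig),
    ]
    return [log.issue(r) for r in requests]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A check like this only sees the keys one CA has issued for; the cross-certification case in the message involves different issuers and is outside its view.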