Re: [IETF-PKIX] Multiple certificates for same key?

["David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>]

> From: lars.gu.johansson@posten.se
>
> Some people have argued that there's too many security risks
> involved when dealing with multiple certificates of the same
> key that it should be prohibited (or at least not recommended :-).
> I could give you many reasons why there shouldn't be any such
> restrictions but let me just give you an alternative perspective.

Please list some reasons for preferring multiple certificates per
key - that is one of the critical items of information missing from
the discussion so far.

What precisely are the three or four most important advantages of
multiple certification of keys?  Saving memory on tokens has already
been mentioned.


> In my point of view, multiple certificates of the same public key
> is not the problem. I think this is entirely a policy issue. The
> problem is instead storing of the private keys in software.
>
> In the Swedish electronic ID-card project (www.seis.se) the
> private keys are centrally generated by the CA and stored in
> the key-holders smart card. The RSA operations are performed
> on the chip so the private key never leaves the card. It is even
> unknown to the key-holder. This is of course stated in the CA's
> policy and CPS.

Private key storage mechanisms and multiple certificates are
separate issues.  When you have one security weakness (software
key storage) it tends to exacerbate security problems in other
areas (multiple certification).  But saying (or requiring) keys
to always be stored on tokens does not make the other problems
go away.  Sure, the private key(s) cannot be extracted from the
token without perhaps destructive reverse engineering.  But the
token can still be used by malicious applications to sign things
the user didn't intend to have signed.  The only way to prevent
that is to allow segregation of keys by purpose, and not store
the sensitive keys on tokens that will be highly exposed.