
RE: generation of private keys



Tony,

> >Interesting question.  My initial reaction is to wonder if a new certificate
> >extension is really the right solution for this.  If the CA generates the
> >key pair, it can certainly populate such an extension with confidence.
> >However, if the CA did not generate the key pair, how will it distinguish
> >between EE, RA, and "other" (i.e., how will it know (with certainty) who did
> >the actual key pair generation so that it can populate the extension)?
> >
> >Carlisle.
>
> It seems the most a CA could do is indicate either that it did, or did not
> generate the keypair, correct?

You're probably right. So it comes down to a boolean indicator. Do you agree
that such an indicator would be a useful enhancement?

If we don't use an extension, what other means would we have to indicate
the key generation location?

Cheers,

        Stefan.

______________________________________________________________________________
Stefan Kelm            PGP key: "finger kelm@www.pca.dfn.de" or via key server
DFN-PCA, University of Hamburg                               <kelm@pca.dfn.de>
Vogt-Koelln-Str. 30                               http://www.pca.dfn.de/~kelm/
22527 Hamburg (Germany)          Tel: +49 40 5494 2262 / Fax: +49 40 5494 2241