Eric,
Within the Department of Defense, there is a requirement to support organizational messaging. In this case, individuals within an organization must share public/private key pairs. In the certificate management protocol used for communicating an organizational messaging certificate request, there is a reference certificate field that indicates if the requested certificate should reuse an existing key. In this specific case, all key pairs are generated and managed at the certificate request processing end.
Michael P. Quinn
----------
From: Eric Bomarsi[SMTP:ebomarsi@xedia.com]
Sent: Wednesday, December 30, 1998 1:56 PM
To: ietf-pkix@imc.org
Subject: Cert Rqsts and Key Pairs
Is there any practical reason why a network device would
need to generate multiple certificate requests each including
the same public/private key pair? Maybe for some reason
two cert rqsts would include the same key pair, but have
different distinguished names or extensions?

I am writing a PKI MIB and need to determine the best way
for a pkiCertRqstEntry to reference a public/private key-pair:

1) include keypair info (algorithm and length) in pkiCertRqstEntry
   such that the keypair is created along with the pkiCertRqstEntry.
   This would limit the key-pair use to the single pkiCertRqstEntry.

2) create a separate pkiKeyPairTable where pkiKeyPairEntries
   are referenced by pkiCertRqstEntries:

   2a) If always 1 pkiCertRqstEntry to 1 pkiKeyPairEntry, then
       I can use the same index for both tables.

   2b) Otherwise (n pkiCertRqstEntries to 1 pkiKeyPairEntry)
       a different index for the pkiCertRqstTable is necessary.

Thanks in advance,
Eric Bomarsi