[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate requests for encryption keys

To: "Bob Jueneman" <BJUENEMAN@xxxxxxxxxx>
Subject: Re: Certificate requests for encryption keys
From: Keith Brady <keith@xxxxxxxxxxxx>
Date: Tue, 08 Jun 1999 19:27:20 +0100
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

One approach is to make a CMP IR/IP pair for a signature key certificate
which will have the effect of creating an authenticated identity
(presumably). This information should be maintained at the CA and we can
then make a CR request, signed (or POP'ed) by the signature key with the
encryption key as the payload.

We are, of course, not POP'ing the encryption key but this probably
doesn't matter. 

One can do the same with PKCS#10 though you miss the option to use POP.

cheers,

Keith

Prev by Date: RE: Certificate requests for encryption keys
Next by Date: Re: Certificate requests for encryption keys
Previous by thread: RE: Certificate requests for encryption keys
Next by thread: Re: Certificate requests for encryption keys
Index(es):
- Date
- Thread