Re: Son-of-IKE Selection Criteria?
"Dilkie, Lee" <Lee_Dilkie@Mitel.COM> writes:
> I see no reason to revoke a certificate just because you re-issued
> due to a name change. There was no compromise of the original
> private key, so why would you need to go through the expense of
> revoking a certificate?
Because a certificate is a binding of a Public/Private keypair to a
name. If, as Phill is suggesting, you use the IP Address as the name,
then every time you change IP Address you need to revoke and re-issue
certificates. Note that this does not mean you need to change/revoke
the Public/Private Keypair in use, you just need to revoke the
binding to the old IP Address.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available