[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: non-key-sharing

At 10:49 AM -0800 11/11/97, Bob Jueneman wrote:
>3.  Another very important function which the CA must perform is the
>centralized distribution and maintenance of certificates (via a directory or
>whatever) as well a CRLs and/or other forms of certificate status checking.

I thought the whole purpose of issuing a certificate was to get out of the
centralized distribution business.  If the certificate must be downloaded
from the CA, instead of being handed to the key pair owner when it is
issued, then you can adopt a model of online checks and get rid of CRLs.

Of course you could have a distributed CA which issued internal
"certificates" to the various nodes of the distribution, but those
certificates would not have to use public key cryptography.  The only use
of public key cryptography in such a system would be to authenticate the
individual nodes, and to authenticate the CA to its customers.

Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA