
Re: Multiple certification rules, OK?



> From: Bob Smart <Robert.Smart@mel.dit.csiro.au>
> 
> Below is a message from Stephen Kent which shows that the idea of
> multiple certificates for a public key is becoming widely accepted.

Steve can certainly speak for himself, but I see nothing in this quote
that advocates, or even discusses, multiple certificates for a single
public key.

What it does discuss is the issuance of multiple certificates, from
multiple issuers, to a single entity.  None of the issuers can
*prevent* the reuse of keypairs (assuming the client chooses the keys),
but a prudent client would find it in his own interest to use different
keys for each different issuer.


> Each certificate encodes some assertion about the subject public key by
> the owner of the public key used to sign the certificate. For reasoning
> about these assertions we need a common format to represent the
> information. However we won't have a common format for the canonical
> representation which is the actual bit pattern signed because that is
> out of our control in many cases. If we only accept things signed 
> using our canonical form then lots of valuable information about
> public keys becomes inaccessible.

Agree completely.
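The two points above (a subject holding a different keypair per issuer, and a relying party that verifies each issuer's signature over that issuer's own canonical bytes and only then translates into a common assertion format) can be shown in code. This is an added example, not code from the original thread; the issuer names "A" and "B", the DER and JSON wire formats, the subject name and the claims are hypothetical, and Ed25519 is used only because Go's standard library provides it:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/asn1"
	"encoding/json"
	"errors"
	"fmt"
)

// Assertion is the common format a relying party reasons about, whichever
// issuer produced the certificate and however that issuer encoded it.
type Assertion struct {
	Issuer     string
	Subject    string
	SubjectKey ed25519.PublicKey
	Claim      string
}

// Cert carries the issuer name, the exact bytes the issuer signed (its own
// canonical form, which we do not control) and the signature over them.
type Cert struct {
	Issuer string
	Body   []byte
	Sig    []byte
}

// Hypothetical issuer-specific encodings: issuer "A" signs DER, "B" signs JSON.
type derBody struct {
	Subject    string
	SubjectKey []byte
	Claim      string
}

type jsonBody struct {
	Sub  string `json:"sub"`
	Key  []byte `json:"key"`
	Role string `json:"role"`
}

// decoders translate each issuer's native bytes into the common Assertion.
// Supporting a new issuer format means adding an entry here, not rejecting it.
var decoders = map[string]func(body []byte) (Assertion, error){
	"A": func(body []byte) (Assertion, error) {
		var d derBody
		rest, err := asn1.Unmarshal(body, &d)
		if err != nil || len(rest) != 0 {
			return Assertion{}, errors.New("issuer A: bad DER body")
		}
		return Assertion{"A", d.Subject, d.SubjectKey, d.Claim}, nil
	},
	"B": func(body []byte) (Assertion, error) {
		var j jsonBody
		if err := json.Unmarshal(body, &j); err != nil {
			return Assertion{}, err
		}
		return Assertion{"B", j.Sub, j.Key, j.Role}, nil
	},
}

// Verify checks the signature over the issuer's own signed bytes first and only
// then translates them. Re-encoding into our format and verifying that would
// fail, because those bytes are not what the issuer signed.
func Verify(c Cert, issuerKeys map[string]ed25519.PublicKey) (Assertion, error) {
	pub, ok := issuerKeys[c.Issuer]
	if !ok {
		return Assertion{}, fmt.Errorf("unknown issuer %q", c.Issuer)
	}
	if !ed25519.Verify(pub, c.Body, c.Sig) {
		return Assertion{}, fmt.Errorf("issuer %s: signature does not cover these bytes", c.Issuer)
	}
	dec, ok := decoders[c.Issuer]
	if !ok {
		return Assertion{}, fmt.Errorf("no decoder for issuer %q", c.Issuer)
	}
	return dec(c.Body)
}

func sign(issuer string, priv ed25519.PrivateKey, body []byte) Cert {
	return Cert{Issuer: issuer, Body: body, Sig: ed25519.Sign(priv, body)}
}

// Demo creates two issuers, gives one subject a distinct keypair per issuer
// (the prudent client in the text), and returns the verified assertions plus
// whether the two certified subject keys differ.
func Demo() ([]Assertion, bool, error) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	issuerKeys := map[string]ed25519.PublicKey{"A": pubA, "B": pubB}

	// The subject picks its own keys; no issuer can stop reuse, so it chooses
	// not to reuse them.
	subKeyA, _, _ := ed25519.GenerateKey(rand.Reader)
	subKeyB, _, _ := ed25519.GenerateKey(rand.Reader)

	bodyA, err := asn1.Marshal(derBody{"alice@example.org", subKeyA, "employee"})
	if err != nil {
		return nil, false, err
	}
	bodyB, err := json.Marshal(jsonBody{"alice@example.org", subKeyB, "customer"})
	if err != nil {
		return nil, false, err
	}
	certs := []Cert{sign("A", privA, bodyA), sign("B", privB, bodyB)}

	var out []Assertion
	for _, c := range certs {
		a, err := Verify(c, issuerKeys)
		if err != nil {
			return nil, false, err
		}
		out = append(out, a)
	}
	return out, !bytes.Equal(out[0].SubjectKey, out[1].SubjectKey), nil
}

func main() {
	as, distinct, err := Demo()
	fmt.Println(as, distinct, err)
}
```

The decoder table is the "common format for reasoning" from the quoted paragraph; the signed bodies are the issuer-controlled canonical forms. A relying party that insisted on verifying signatures only over its own canonical encoding would have to discard both certificates.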