[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multiple certification rules

To: Ben Wright <Ben_Wright@CompuServe.COM>, "spki(post)" <spki@c2.net>
Subject: Re: multiple certification rules
From: plipp <plipp@iaik.tu-graz.ac.at>
Date: Thu, 05 Jun 1997 21:03:30
Sender: owner-spki@c2.net

>It was just suggested that it would be undesirable to have 
>multiple certificates to apply to a single key.  Better to have
>multiple keys.   Why's that?
I'd say that depends. It would be obviously bad if you had a 
certificate that said that was a signing key and another that
said it was an encrption key. It will also make automatic
trust decisions undeterministic if you have a class-1 certificate
and a class-3 certificate for the same key. Or if one said you are
Peter Lipp and the other Ben Wright - and similar things.

If you'd get two "comparable" certificates by different CA's,
this seems fine (to me).

Peter


Dr. Peter Lipp, IAIK, University of Technology, Graz
Institute for Applied Information Processing and Communications
Klosterwiesgasse 32/I, A-8010 Graz, +43 316 873 5513
________________________________________________________________________
Was nützt die beste Erziehung, die Kinder machen uns ja doch alles nach.

Prev by Date: multiple certification rules
Next by Date: Call for Papers: Jurimetrics Special Edition on PKI
Prev by thread: Re: multiple certification rules
Next by thread: Re: multiple certification rules
Index(es):
- Main
- Thread