[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multiple certification rules

>It was just suggested that it would be undesirable to have 
>multiple certificates to apply to a single key.  Better to have
>multiple keys.   Why's that?
I'd say that depends. It would be obviously bad if you had a 
certificate that said that was a signing key and another that
said it was an encrption key. It will also make automatic
trust decisions undeterministic if you have a class-1 certificate
and a class-3 certificate for the same key. Or if one said you are
Peter Lipp and the other Ben Wright - and similar things.

If you'd get two "comparable" certificates by different CA's,
this seems fine (to me).


Dr. Peter Lipp, IAIK, University of Technology, Graz
Institute for Applied Information Processing and Communications
Klosterwiesgasse 32/I, A-8010 Graz, +43 316 873 5513
Was nützt die beste Erziehung, die Kinder machen uns ja doch alles nach.