[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: yet another <auth> type


> "The subject keyholder (K1) is the same person as the keyholder of (K2), on 
> <date>."
> This allows someone to start a service by which someone can map old keys to 
> new ones.
> Thoughts?
>  - Carl

I agree; this would be in support of simple recertifications in cases of
lost keys - something that was brought up in our initial analysis of our
(SBC's) PKI.  It could also make recertification unnecessary in cases
where the issuer of this "key equivalence" cert was trusted in this role
by the verifier.

This seems to be a good generic kind of <auth> type, useful in a general

Brian Thomas - Distributed Systems Architect    bt0008@entropy.sbc.com
Southwestern Bell                               bthomas@primary.net
One Bell Center,  Room 34G3                     Tel: 314 235 3141
St. Louis, MO 63101                             Fax: 314 235 0162