Re: yet another <auth> type
> "The subject keyholder (K1) is the same person as the keyholder of (K2), on
> This allows someone to start a service by which someone can map old keys to
> new ones.
> - Carl
I agree; this would be in support of simple recertifications in cases of
lost keys - something that was brought up in our initial analysis of our
(SBC's) PKI. It could also make recertification unnecessary in cases
where the issuer of this "key equivalence" cert was trusted in this role
by the verifier.
This seems to be a good generic kind of <auth> type, useful in a general
Brian Thomas - Distributed Systems Architect email@example.com
Southwestern Bell firstname.lastname@example.org
One Bell Center, Room 34G3 Tel: 314 235 3141
St. Louis, MO 63101 Fax: 314 235 0162