Re: Online Certificate Revocation Protocol

pgut001@cs.auckland.ac.nz (Peter Gutmann) Sun, 10 June 2001 12:36 UTC

From: pgut001@cs.auckland.ac.nz
To: azb@llnl.gov, hansenw@ece.ubc.ca
Subject: Re: Online Certificate Revocation Protocol
Cc: ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz, rhousley@rsasecurity.com
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz
Date: Sun, 10 Jun 2001 23:54:45 -0000
Message-ID: <99217408515135@kahu.cs.auckland.ac.nz>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Tony Bartoletti <azb@llnl.gov> writes:

>Assuming that the entity which lost their private key wanted another
>certificate with a new key pair but wanted the same name. What would
>happen if there were two certificates in existence with the same name?
>Wouldn't the CA not allow this?

CMP already does this via key update request handling, which issues a new cert
which duplicates an existing one (and having had to implement this I can tell
you that it's a right bastard to do if your CA has built-in security rules to
prevent this situation from occurring).

Peter.
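Peter's point, as an added example that is not from the thread or from any CMP implementation: a toy CA whose uniqueness rule is keyed on the subject name rejects a key update, because the update by design issues a second certificate under the same name with a different key. The policy names, subjects and key ids are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional
import itertools

@dataclass
class Cert:
    serial: int
    subject: str
    key_id: str   # constructed stand-in for the public key (e.g. an SPKI hash)

class CA:
    """Toy CA registry. policy='strict': one current cert per subject name.
    policy='kur': a CMP-style key update may add a second cert for the same
    subject provided it carries a new key (the old cert stays valid)."""

    def __init__(self, policy: str = "strict"):
        self.policy = policy
        self.certs: List[Cert] = []
        self._serial = itertools.count(1)

    def current(self, subject: str) -> List[Cert]:
        return [c for c in self.certs if c.subject == subject]

    def initial_request(self, subject: str, key_id: str) -> Cert:
        if self.current(subject):
            raise ValueError(f"duplicate subject {subject!r}")
        return self._issue(subject, key_id)

    def key_update(self, subject: str, new_key_id: str) -> Cert:
        existing = self.current(subject)
        if not existing:
            raise ValueError("key update for a subject with no current cert")
        if any(c.key_id == new_key_id for c in existing):
            raise ValueError("key update must carry a new public key")
        if self.policy == "strict":
            # The built-in uniqueness rule fires: the name is already in use.
            raise ValueError(f"duplicate subject {subject!r}")
        return self._issue(subject, new_key_id)  # deliberate name duplicate

    def _issue(self, subject: str, key_id: str) -> Cert:
        cert = Cert(next(self._serial), subject, key_id)
        self.certs.append(cert)
        return cert

def try_key_update(ca: CA, subject: str, new_key_id: str) -> Optional[int]:
    # New serial number, or None when the CA's policy rejects the update.
    try:
        return ca.key_update(subject, new_key_id).serial
    except ValueError:
        return None
```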