Content deleted Content added
rply Skippy |
|||
Line 277:
::You seem to state that it's normal and reasonable to unnecessarily regenerate keys. I don't believe you will find literature which supports you. Do you have a reference? [[User:Skippydo|Skippydo]] ([[User talk:Skippydo|talk]]) 23:35, 20 October 2008 (UTC)
::Not off the top of my head no. I'll dig into the stuff I have available to see if I can find one WP will find acceptable. [[User:Ww|ww]] ([[User talk:Ww|talk]]) 01:13, 21 October 2008 (UTC)
::: Ok, here is a reference: Report of the Nist Workshop on Digital Signature Certificate Management, Dec 10-11, 1992. On page 16: ''Elaine [Baker] finished by showing the ASN.1 specs for the Certificate Revocation List and for the Attribute Certificate. There was considerable discussion over what would be revoked in the case of a CA compromise. If we stop using the compromised CA key, do we also need to stop using a user's key in any certificate signed with that (now) compromised key? It was pointed out that we must differentiate between the idea that we are revoking certificates and not revoking keys. That is, it is not in general necessary to reissue a user's public/private key pair due to CA compromise. After an appropriate investigation, you may reissue certificates signed in error, or hot list certificats as necessary, but the keying material may still be valid.'' Hope, this finally settle the discussion. [[Special:Contributions/85.0.101.155|85.0.101.155]] ([[User talk:85.0.101.155|talk]]) 07:02, 21 October 2008 (UTC)
== Legality (UK) ==
| |||