John,

Just like none of us should use the same username/password for different systems, none of us should request multiple certificates for the same key pair. However, a CA has no ultimate control over this since the subject may request certificates from multiple CAs.

Thanks,
Mike

w3c-ietf-xmldsig-request@w3.org wrote on 03/12/2004 11:52:56 AM:

> <gregor>
> However, I do not think that modelling the signer role per using different
> certs for the same key is a good practice. Rather the relying party should
> deduce this from the context, for instance from the data being signed (as
> you do it in the paper world as well), or from another signature attribute
> which XAdES provides (Signer Role).
> </gregor>
>
> Yes, reading this chain I got the same feeling as Gregor that the CAs issuing
> multiple certs per the same key pair had crossed the line of the intent of
> the system and were now using the self-signing ability of XML DSig or XAdES
> to fix the hack.
>
> A key pair is supposed to be assigned to a unique identity. If, within a system,
> that means (name+role), then that is what should be assigned the key pair.
> To say that (name+role) is the identity, but we assign the key pair to name
> opens up the real possibility of abuse of the system.
>
> To wit, how is the relying party supposed to know whether or not a cert is the
> unique wrapper for a given key pair? Therefore, how can generic signature engines
> be written? Must they be told to require signatures that sign the certificate as
> part of the core validation?
>
> Conversely, because it's not part of core validation, shouldn't the CA's have
> stayed away from this practice?
>
> John Boyer, Ph.D.
> Senior Product Architect and Research Scientist
> PureEdge Solutions Inc.

Received on Friday, 12 March 2004 12:58:26 GMT
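The ambiguity discussed in this thread, as an added example that is not code from the thread or from any XML DSig or XAdES implementation: one key pair wrapped by two role certificates, where a bare signature validates under either certificate and a signature that also covers the certificate's digest validates under only one. The subject names, roles, document text and the `signedInput` layout are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// issue self-signs a certificate for the key pair; role is a constructed subject label.
func issue(priv ed25519.PrivateKey, serial int64, role string) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "Alice (" + role + ")"}}
	der, err := x509.CreateCertificate(rand.Reader, t, t, priv.Public(), priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced above
	return cert
}

// signedInput is doc alone, or doc plus SHA-256 of bind's DER when the certificate is signed too.
func signedInput(doc []byte, bind *x509.Certificate) []byte {
	if bind == nil {
		return doc
	}
	fp := sha256.Sum256(bind.Raw)
	return append(append([]byte{}, doc...), fp[:]...)
}

// accepts verifies sig under cert's key; bind is cert when policy demands binding, else nil.
func accepts(cert, bind *x509.Certificate, doc, sig []byte) bool {
	return ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), signedInput(doc, bind), sig)
}

// demo: one key pair, two role certificates; the signer intends the Purchasing role.
func demo() (sameKey, plainUnderAudit, boundUnderAudit, boundUnderBuyer bool) {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	buyer, audit := issue(priv, 1, "Purchasing"), issue(priv, 2, "Audit")
	doc := []byte("approve PO 1001") // constructed document
	plain := ed25519.Sign(priv, signedInput(doc, nil))
	bound := ed25519.Sign(priv, signedInput(doc, buyer))
	sameKey = buyer.PublicKey.(ed25519.PublicKey).Equal(audit.PublicKey)
	return sameKey, accepts(audit, nil, doc, plain), // unbound: also valid under Audit
		accepts(audit, audit, doc, bound), accepts(buyer, buyer, doc, bound)
}

func main() { fmt.Println(demo()) }
```

A relying party can only detect the shared key among certificates it has actually seen, which is why the binding has to be enforced at validation time rather than inferred.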