Menu
▾
▴
Re: [Openca-Users] key compromise when approving CSR with existing key
|
From: Konrad K. <ke...@a1...> - 2010-09-01 19:49:32
|
That makes sense Thanks Konrad -----Original Message----- From: Massimiliano Pala [mailto:Massimiliano.Pala@Dartmouth.edu] Sent: 01 September 2010 20:59 To: Users' Help and Suggestions Subject: Re: [Openca-Users] key compromise when approving CSR with existing key Hello Konrad, As Dave said, it is best practice not to re-use keypairs for different purposes. Also, it might be difficult to manage revokation. For example, if a key is compromised, then all the certificates issued with the corresponding public key have to be revoked. This could be difficult to achieve in some environments. Later, Max On 09/01/2010 12:14 PM, Konrad Kehrer wrote: > Hi all, > > Can anyone explain why it is treated as a key compromise if more than > one certificates would be issued that all were generated using > > the same private key? > > A user might need a certificate for e.g. EAP-TLS access and later > another one to access a web application - why is it necessary to > generate a new private/public key in that case? |