<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
On 08/03/2013 12:28 AM, From <a class="moz-txt-link-abbreviated" href="mailto:kirk_hall@trendmicro.com:">kirk_hall@trendmicro.com:</a>
<blockquote
cite="mid:EF70381B2D29784EA4FC66042BE81EAF73A7E5@SJDCEXMBX03.us.trendnet.org"
type="cite">
<pre wrap="">We also agree. We were part of all BR discussions, and the effect of rekeying was never discussed.</pre>
</blockquote>
<br>
There is no such a thing, it simply doesn't exist! There is only a
certificate that is either valid, expired or revoked and every time
a certificate is issued it's a NEW certificate. It has a new serial
number and signature hash...and it may have similar properties as
another certificate but it will never be the same certificate. Every
time a CA issues a certificate it's a NEW certificate no matter
what.<br>
<br>
And in this respect it must always comply to the relevant
requirements and standards. The word "rekeying" is something CAs
invented but it doesn't really exist - there is no certificate like
the other and if there was we'd have far bigger problems now.<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>