<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Aug 6, 2013 at 9:42 AM, Eddy Nigg (StartCom Ltd.) <span dir="ltr"><<a href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<br>
On 08/03/2013 12:28 AM, From <a href="mailto:kirk_hall@trendmicro.com:" target="_blank">kirk_hall@trendmicro.com:</a><div class="im">
<blockquote type="cite">
<pre>We also agree. We were part of all BR discussions, and the effect of rekeying was never discussed.</pre>
</blockquote>
<br></div>
There is no such a thing, it simply doesn't exist! There is only a
certificate that is either valid, expired or revoked and every time
a certificate is issued it's a NEW certificate. It has a new serial
number and signature hash...and it may have similar properties as
another certificate but it will never be the same certificate. Every
time a CA issues a certificate it's a NEW certificate no matter
what.<br>
<br>
And in this respect it must always comply to the relevant
requirements and standards. The word "rekeying" is something CAs
invented but it doesn't really exist - there is no certificate like
the other and if there was we'd have far bigger problems now.<div class="im"><br></div></div></blockquote><div><br></div><div>This was certainly our understanding as well.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div class="im">
<br>
<br>
<div>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org" target="_blank">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a>startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org" target="_blank">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg" target="_blank">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</div></div>
<br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div><br></div></div>