[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Tue Aug 6 16:42:25 UTC 2013


On 08/03/2013 12:28 AM, From kirk_hall at trendmicro.com:
> We also agree.  We were part of all BR discussions, and the effect of rekeying was never discussed.

There is no such a thing, it simply doesn't exist! There is only a 
certificate that is either valid, expired or revoked and every time a 
certificate is issued it's a NEW certificate. It has a new serial number 
and signature hash...and it may have similar properties as another 
certificate but it will never be the same certificate. Every time a CA 
issues a certificate it's a NEW certificate no matter what.

And in this respect it must always comply to the relevant requirements 
and standards. The word "rekeying" is something CAs invented but it 
doesn't really exist - there is no certificate like the other and if 
there was we'd have far bigger problems now.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130806/2666fd2b/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130806/2666fd2b/attachment-0001.p7s>


More information about the Public mailing list