[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements
sleevi at google.com
Tue Aug 6 18:15:41 UTC 2013
On Tue, Aug 6, 2013 at 9:42 AM, Eddy Nigg (StartCom Ltd.) <
eddy_nigg at startcom.org> wrote:
> On 08/03/2013 12:28 AM, From kirk_hall at trendmicro.com:
> We also agree. We were part of all BR discussions, and the effect of rekeying was never discussed.
> There is no such a thing, it simply doesn't exist! There is only a
> certificate that is either valid, expired or revoked and every time a
> certificate is issued it's a NEW certificate. It has a new serial number
> and signature hash...and it may have similar properties as another
> certificate but it will never be the same certificate. Every time a CA
> issues a certificate it's a NEW certificate no matter what.
> And in this respect it must always comply to the relevant requirements and
> standards. The word "rekeying" is something CAs invented but it doesn't
> really exist - there is no certificate like the other and if there was we'd
> have far bigger problems now.
This was certainly our understanding as well.
> Regards Signer: Eddy Nigg, COO/CTO StartCom Ltd.<http://www.startcom.org>
> XMPP: startcom at startcom.org Blog: Join the Revolution!<http://blog.startcom.org>
> Twitter: Follow Me <http://twitter.com/eddy_nigg>
> Public mailing list
> Public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public