Hello Konrad, As Dave said, it is best practice not to re-use keypairs for different purposes. Also, it might be difficult to manage revokation.
For example, if a key is compromised, then all the certificates issued with the corresponding public key have to be revoked. This could be difficult to achieve in some environments. Later, Max On 09/01/2010 12:14 PM, Konrad Kehrer wrote:
Hi all, Can anyone explain why it is treated as a key compromise if more than one certificates would be issued that all were generated using the same private key? A user might need a certificate for e.g. EAP-TLS access and later another one to access a web application – why is it necessary to generate a new private/public key in that case?
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
