Just to be pedantic ...

One of the first uses of a separate CRL signing CA was SET, I believe.

In many ways, it makes sense.  If certs are VERY important, then you want
the CA to be offline so it can do proper diligence before minting a cert.
But if certs are VERY important, then you want revocation to happen damn
fast.  Prior to OCSP, the only option was a separate CRL-signer.

At one point in the original conception, we were going to have a
separate revocation root (at both the root and the L1 bank level).
I say we because CertCo created Identrus and worked with the initial
invited member banks to create the Identrus PKI.

Yes, Baltimore was probably the first commercial CA to support a separate
CRL signer, and they did it by having a cert with the same subjectDN but a
different set of keyUsage bits.  That is arguably the right thing to do,
and it is completely supported by 2459, no changes necessary.  Of course, it
does require recipients to be able to handle multiple certs, just like they
might have to handle re-key.

Lots of software can't handle that, so I'm not surprised to hear you say
that Identrus backed away from it.  Too bad, since it does lead to a less
secure system, but since they're banks they can afford to manage that risk.
(Just in case it comes up here, OCSP responders that are purely CRL based are
of course no more secure now.)

Hope this helps.
        /r$
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
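The split the reply describes, a CA cert and a CRL-signer cert with the same subjectDN but different keyUsage bits as RFC 2459 allows, shown as an added example that is not part of the original post and not Baltimore's or Identrus's code. It assumes OpenSSL 1.1.1 or later is on PATH and uses a constructed DN and a temporary working directory.

```shell
#!/bin/sh
# Added example, not code from the thread: the RFC 2459 layout the reply
# describes, a root CA cert with keyCertSign and a second cert with the same
# subject DN but its own key and only cRLSign, then a check of which of the
# two actually verifies a CRL. Assumes OpenSSL >= 1.1.1 on PATH.
set -e
WORK=$(mktemp -d)
DN="/C=US/O=Example Bank/CN=Example Root CA"   # constructed sample DN

# Fresh key + CSR carrying the shared DN, with a minimal req config so no
# distro-default extensions sneak in.
new_csr() {
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$WORK/req.cnf"
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "$DN" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

make_split_pki() {
  cd "$WORK"; new_csr ca; new_csr crlsigner
  # Root CA: self-signed, certificate signing only, no cRLSign bit.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  openssl x509 -req -in ca.csr -signkey ca.key -days 30 -extfile ca.ext \
    -out ca.pem 2>/dev/null
  # CRL signer: issued by the root, same DN, different key, cRLSign only.
  printf 'keyUsage=critical,cRLSign\n' > crl.ext
  openssl x509 -req -in crlsigner.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -extfile crl.ext -out crlsigner.pem 2>/dev/null
  # Minimal 'openssl ca' state, then an (empty) CRL signed with the CRL signer's key.
  : > index.txt; echo 01 > crlnumber
  printf '[ca]\ndefault_ca=c\n[c]\ndatabase=index.txt\ncrlnumber=crlnumber\ndefault_md=sha256\n' > ca.cnf
  openssl ca -config ca.cnf -gencrl -crldays 7 -keyfile crlsigner.key \
    -cert crlsigner.pem -out crl.pem 2>/dev/null
}

# keyUsage text of a cert: "Certificate Sign" for ca.pem, "CRL Sign" for crlsigner.pem.
key_usage() {
  openssl x509 -in "$WORK/$1" -noout -ext keyUsage | tail -n 1 | sed 's/^ *//'
}

# Check the CRL signature against one cert. openssl looks the issuer up by subject
# name alone, so the same-DN root (wrong key) fails and the cRLSign cert passes.
verify_crl_with() {
  openssl crl -in "$WORK/crl.pem" -CAfile "$WORK/$1" -noout 2>&1 | grep -q 'verify OK'
}

make_split_pki
echo "ca.pem:        $(key_usage ca.pem)"
echo "crlsigner.pem: $(key_usage crlsigner.pem)"
verify_crl_with crlsigner.pem && echo "CRL verifies with the cRLSign cert"
verify_crl_with ca.pem || echo "CRL does not verify with the same-DN keyCertSign cert"
```

Relying party code that keys its issuer lookup on subjectDN alone, as the `openssl crl -CAfile` check above does, is exactly the software the reply says cannot cope with this split: it must select among several same-DN certs by key usage and key identifier, just as it would after a re-key.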
