I thought the problem was that you were using the same keypair
for encryption and signing. So that there really is only one key.
I know, the key escrow was designed when the requirements were
only for encryption only. Digital signature requirement was added when
the consultant got on board. So, it was not really part of the original
plan. We have not redesigned the escrow scheme, as we have
not really resolve this double-cert thingy.
Yeah, I agree with you, if we using the same key with 2 certs,
the escrow becomes the main attack target.
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
OpenSSL Project http://www.openssl.org
User Support Mailing List email@example.com
Automated List Manager [EMAIL PROTECTED]