Terry,

In a message on 10/28 you said:

* Section 4.6.1-3 I'd like it made clear that renewal be only to the same
subscriber, e.g. the subscriber before and after renewal is the same. At
present it says that only the valid subscriber may request renewal, but
allows a new private key. I think there is too much wriggle room in that for
a subscriber to renew with someone else's private key.


I reviewed the CP text and I think this is clear.

Specifically 4.6.2 says: "Only the certificate holder or the issuing CA may initiate the renewal process."

And 4.6.3 says: "Renewal procedures must ensure that the person or organization seeking to renew a certificate is in fact the subscriber (or authorized by the subscriber) of the certificate and the legitimate holder of the INR associated with the renewed certificate."

I think these two text sections already address the issue you raised.

Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
