#3: Nit Report - CP draft
-----------------------------+----------------------------------------------
Reporter: g...@… | Owner:
Type: task | Status: new
Priority: minor | Milestone:
Component: cp | Version:
Severity: In WG Last Call | Keywords:
-----------------------------+----------------------------------------------
Comment(by g...@…):
Steve Kent (5/11)
In a message on 10/28 you said:
* Section 4.6.1-3 I'd like it made clear that renewal be only to the same
subscriber, e.g. the subscriber before and after renewal is the same. At
present it says that only the valid subscriber may request renewal, but
allows a new private key. I think there is too much wriggle room in that
for a subscriber to renew with someone else's private key.
I reviewed the CP text and I think this is clear.
Specifically 4.6.2 says: "Only the certificate holder or the issuing CA
may initiate the renewal process."
And 4.6.3 says: "Renewal procedures must ensure that the person or
organization seeking to renew a certificate is in fact the subscriber
(or authorized by the subscriber) of the certificate and the legitimate
holder of the INR associated with the renewed certificate."
I think these two text sections already address the issue you raised.
--
Ticket URL: <http://trac.tools.ietf.org/wg/sidr/trac/ticket/3#comment:1>
sidr <http://tools.ietf.org/sidr/>