> -----Original Message-----
> From: Dave Kelsey [mailto:[log in to unmask]]
> Sent: Wednesday, April 09, 2014 11:12 AM
> To: [log in to unmask]
> Subject: Re: I'll test this out: https://www.gridpp.ac.uk/wiki/Grid_Certificate
>
> On the meaning of the word "renewal".
>
> According to RFC3647 renewal is defined as follows:
>
> "Certificate renewal means the issuance of a
> new certificate to the subscriber without changing the subscriber or
> other participant's public key or any other information in the
> Certificate."
>
> I should add that renewal does change the valid to/from dates and the serial
> number.
As I understood it a Renew MUST change the serial number, but doesn't need to change
the dates. For instance - re-signing with a different CA Cert, or with a different hash algorithm.
Is this correct or would it need to rekey for that?
> When the UK cert wizard says "renew" it should really say "rekey".
Agreed - "careless talk costs lives" and "we" often carelessly use the word Renew when we mean Rekey.
Having said that, *most* of the time *most* of our users don't need to worry about the distinction, so it
keeps things simpler in general (but not in this case).
Cheers
JK