Office of Information Technology University of Maryland
Personal Privacy Certificate
College Park Certificate Authority

UMCP Personal Privacy Certificate Authority

The Personal Privacy Certificate Authority is not yet implemented.

Why separate Personal Identity from Personal Privacy?

The crux of the problem is whether to escrow the private keys that correspond to the certificates.

For a Privacy CA, the option of escrowing private keys should be available. The alternative is a situation where clients who have lost their private keys can no longer decrypt their stored encrypted email, while the CA holds no escrowed keys with which to rescue them.

For an Identity CA, however, private keys should never be escrowed, because any staffer with access to the escrowed key can impersonate the user. In this case the rescue for clients who lose their private keys is to simply issue another certificate.

A PKI providing a single certificate type for email is caught in a dilemma. Thus the dual-certificate solution was developed. Separate certificates are used for the two functions. The private keys for Identity certificates are never escrowed, while escrow remains an option for keys for Privacy certificates.

For this scheme to work the CA must issue Identity certificates that cannot be used for privacy and Privacy certificates that cannot be used for identity. The client software is configured with both certificates, and this scheme depends on the client software selecting the appropriate certificate for each function.

Current work is concentrating on the definition of appropriate certificate usage extensions to realize this design.
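The usage extension this design relies on is the X.509 KeyUsage bit string (RFC 5280, section 4.2.1.3): an Identity certificate carries digitalSignature (and optionally nonRepudiation) but not keyEncipherment, a Privacy certificate the reverse, and the client then has exactly one valid choice per function. The following is an added example, not University of Maryland code or a description of its CA: it decodes and encodes the DER KeyUsage extension with the standard library and applies the selection rule a mail client would use. The certificate labels and the `select_certificate` helper are assumptions for illustration; only the KeyUsage bytes are real DER.

```python
"""Dual-certificate selection modelled on the page's design (added example).

Parses the DER-encoded X.509 KeyUsage extension and picks the one certificate
whose usage bits permit a given function: signing needs digitalSignature,
encryption (privacy) needs keyEncipherment. Certificate records are constructed
sample data; the KeyUsage bytes are genuine DER as RFC 5280 defines them.
"""

# Named bits of the KeyUsage BIT STRING in RFC 5280 order. Bit 0 is the most
# significant bit of the first content byte.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

def parse_key_usage(der: bytes) -> set:
    """Decode a short-form DER BIT STRING (tag 0x03) into the set of named bits."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:   # long-form lengths never occur here
        raise ValueError("bad or unsupported length")
    unused = der[2]
    body = der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    names = set()
    total_bits = len(body) * 8 - unused
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def encode_key_usage(names) -> bytes:
    """Encode named bits as a minimal DER BIT STRING (trailing zero bits dropped)."""
    indices = sorted(KEY_USAGE_BITS.index(n) for n in names)
    if not indices:
        return b"\x03\x01\x00"
    nbits = indices[-1] + 1
    nbytes = (nbits + 7) // 8
    value = bytearray(nbytes)
    for i in indices:
        value[i // 8] |= 0x80 >> (i % 8)
    unused = nbytes * 8 - nbits
    return bytes([0x03, nbytes + 1, unused]) + bytes(value)

# Which KeyUsage bit each client function requires (hypothetical mapping used
# by the selector below; S/MIME clients apply the same two bits in practice).
REQUIRED = {"sign": "digitalSignature", "encrypt": "keyEncipherment"}

def select_certificate(certs, purpose: str) -> str:
    """Return the label of the single certificate usable for `purpose`.

    certs: list of (label, key_usage_der). Exactly one match is required:
    zero means the user lacks the right certificate, two or more means the CA
    issued overlapping usages and the identity/privacy separation is lost.
    """
    needed = REQUIRED[purpose]
    matches = [label for label, der in certs if needed in parse_key_usage(der)]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} certificates usable for {purpose}: {matches}")
    return matches[0]

# Constructed sample: an Identity certificate (signature only; its key is never
# escrowed) and a Privacy certificate (encipherment only; key eligible for escrow).
IDENTITY_KU = encode_key_usage({"digitalSignature", "nonRepudiation"})  # 03 02 06 c0
PRIVACY_KU = encode_key_usage({"keyEncipherment"})                       # 03 02 05 20
SAMPLE_CERTS = [("identity", IDENTITY_KU), ("privacy", PRIVACY_KU)]

if __name__ == "__main__":
    for label, der in SAMPLE_CERTS:
        print(label, der.hex(), sorted(parse_key_usage(der)))
    print("sign with:", select_certificate(SAMPLE_CERTS, "sign"))
    print("encrypt with:", select_certificate(SAMPLE_CERTS, "encrypt"))
```

The selector deliberately refuses to choose when more than one certificate qualifies: a certificate carrying both digitalSignature and keyEncipherment would let an escrowed privacy key sign mail, which is exactly the exposure the two-certificate scheme exists to prevent, so a client should treat that as a CA configuration error rather than silently picking one.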


This page is maintained by the Office of Information Technology
© 2003, 2004, 2005, 2006, 2007, 2008 University of Maryland