Independent Certificate Management

One other advantage to having distinct public keys in distinct certificates is the relative ease of independent certificate management in the case of certificate revocation (see Chapter 8, "Certificate Revocation," for a discussion of revocation). If a single public key is contained in multiple certificates and the private key is compromised (or any other circumstance occurs that requires revocation), it must be "remembered" (or discovered) which certificates contain this key so that they may all be revoked. Failure to revoke any of these certificates can constitute a serious security risk. By contrast, such a risk is greatly decreased if a public key appears in one and only one certificate because the administrative ...
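The discovery step described above (finding every certificate that contains a given public key so that all of them can be revoked), as an added example that is not from the book. It indexes a certificate inventory by the SHA-256 hash of each certificate's DER SubjectPublicKeyInfo using only the Python standard library. Assumptions: all certificates come from one issuer, so a serial number identifies a certificate; the function names are hypothetical; and the sample certificates are constructed X.509-shaped DER with a placeholder algorithm OID and signature.

```python
import hashlib

def split(der):
    """Return [(tag, content, whole_tlv)] for consecutive DER elements."""
    out, i = [], 0
    while i < len(der):
        n, hdr = der[i + 1], 2
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n, hdr = int.from_bytes(der[i + 2:i + 2 + k], "big"), 2 + k
        out.append((der[i], der[i + hdr:i + hdr + n], der[i:i + hdr + n]))
        i += hdr + n
    return out

def serial_and_key_id(cert_der):
    """(serialNumber, SHA-256 over the DER SubjectPublicKeyInfo) of one cert."""
    fields = split(split(split(cert_der)[0][1])[0][1])   # tbsCertificate fields
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip [0] version
    # fields: serial, signature alg, issuer, validity, subject, SPKI
    return int.from_bytes(fields[0][1], "big"), hashlib.sha256(fields[5][2]).hexdigest()

def certs_by_key(cert_ders):
    """Index an inventory: key id -> serials of every cert carrying that key."""
    by_key = {}
    for der in cert_ders:
        serial, key_id = serial_and_key_id(der)
        by_key.setdefault(key_id, []).append(serial)
    return by_key

def revocation_set(cert_ders, compromised_cert):
    """Serials that must all be revoked if compromised_cert's key is exposed."""
    return sorted(certs_by_key(cert_ders).get(serial_and_key_id(compromised_cert)[1], []))

# --- constructed sample input: X.509-shaped DER, placeholder OID and signature ---
def tlv(tag, body):
    raw = len(body).to_bytes(2, "big").lstrip(b"\x00") or b"\x00"
    return bytes([tag]) + (raw if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def fake_cert(serial, subject, key):
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    alg = seq(tlv(0x06, b"\x2a\x03"))              # placeholder OID 1.2.3
    name = seq(tlv(0x0C, subject.encode()))        # simplified Name
    validity = seq(tlv(0x17, b"250101000000Z"), tlv(0x17, b"260101000000Z"))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])), alg,
              name, validity, name, seq(alg, tlv(0x03, b"\x00" + key)))
    return seq(tbs, alg, tlv(0x03, b"\x00sig"))

INVENTORY = [fake_cert(1, "alice-email", b"A" * 140),   # same key in two certs
             fake_cert(2, "alice-vpn", b"A" * 140),
             fake_cert(3, "alice-enc", b"B" * 140)]      # key used in one cert
```

In the sample inventory, compromise of the key in certificate 1 also requires revoking certificate 2, while the key in certificate 3 maps to exactly one revocation.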

Get Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations now with the O’Reilly learning platform.