[caops-wg] Certificate Bridging and the Grid Certificate Profile version 0.21
Mike Helm
helm at fionn.es.net
Wed Mar 28 12:52:06 CDT 2007
"Reimer Karlsen-Masur, DFN-CERT" writes:
> IMO it was not the key rollover, it was the reissuing of a CA cert with e.g.
> an extended lifetime or a different signing hash (md5 towards sha1) which
Yes that's much better. The CA's in question came to the end of the
lifetime of the signing cert & needed to do something, and how they
had previously set up the Authority KeyId had a large role in what
they did next.
We should actually write another document about how to manage this
transistion (or how not to :^).
More information about the caops-wg
mailing list