Hi, Thank you very much for the response. I accept with you. In the case of an OCSP Responder, this is possible.
But can we imagine of a case where the end-entity(ie., a user) gets two certificates from two different CA's for the same Public Key?? I would like to know what uses it may have.... Regards Suram ----- Original Message ----- From: Rick Ziegler <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 28, 2002 11:46 PM Subject: Re: Doubt regarding Certificate's Public Key One example where multiple certification is needed is an OCSP responder that responds for multiple CAs, and whose relying parties expect responses to indicate that the CA has delegated the authority to that responder. Because an OCSP response may only be signed by a single key, a response that includes information from multiple CAs must be signed by a key certified by each of those CAs. See the crude diagram below: <OCSP request> Issuer A, Serial 1? Issuer B, Serial 5? </OCSP request> <OCSP Response> Issuer A, Serial 1 : GOOD Issuer B, Serial 5 : GOOD /signature/ <optional certs> <cert a> Issuer : Issuer A Subject: This Responder Extended Key Usage: OCSP-Signing </cert a> <cert b> Issuer : Issuer A Subject: This Responder Extended Key Usage: OCSP-Signing </cert b> </optional certs> Hope that helps! On Thu, 2002-03-28 at 08:40, Chandu wrote: > Hi, > > I have a query regarding the Certificates public key. > > Is it possible according to PKI standards to get more than one certificate > from different CA's for the same public key? > > I feel theoritically it is possible. But I do not know how practical it is. > > If this is possible can some one give the practical situation of where it > can be used? If not why it should not be allowed. > > I would like to have some comments and feeback on this issue. > > Regards > Suram > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Richard Ziegler Software Engineer / ClearCase Administrator (617) 503-0442 CertCo, Inc. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
