Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
> People have done this for X.509 keys a lot (although I heard that Mozilla now
> complains about using a new X.509 certificate with key material known from
> another certificate).

The practice is unfortunately far too common in the X.509 world, where the
same key is re-certified year in, year out. The end result is a worst-of-
both-worlds system where you're forced to pay a CA every year to make the
browser warnings go away, but don't get the benefit of changing your key to
limit the damage due to a compromise. It's more PKI security theatre I
guess...
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp