Peter Gutmann wrote:
> Can't you just have two issuerAndSerialNumber index entries pointing to the
> same private key? I must admit it's not something that's come up before (I
> strongly encourage users to generate new keys and not re-certify the same old
> key year in, year out, which probably helps), but if you needed to do it you
> could just retain the old iAndS index entry for the private key.
Unfortunately, the PKI users require new certificates because of
changing email addresses before the certificates expire. What I'm
really after here is to avoid going through the whole key recovery mess
simply so users can read old enveloped email.
Currently, the PKI in use adds the rfc822Name to the subjectAltName
extension in the S/MIME encryption certificates being created. Changing
that is a long process already underway-- the eventual goal is to use
S/MIME signing certs tied to email addresses, and S/MIME encryption
certs that are not, but it could be a couple of years before that's ready.
I work for a rather large organization with a rather large PKI. ;)
We're also using a smartcard token to hold the certs & keys, and there's
no room to retain the old certs. More capacious tokens are coming, but
that will be a long process in and of itself.
> (Do you specifically need an MTA that does this, or will an S/MIME
> toolkit do?
> :-).
It would be nice if it all worked with Outlook, but that may be too much
to ask (see below).
> I don't think this will help, when you delete the old cert the sKID goes with
> it, so when you lose the iAndS you also lose the sKID.
But in the new cert the sKID should be the same as the old one, since
the key material hasn't changed. So when I'm opening an enveloped
message, I pull the sKID from RecipientInfo, search the cert store for
that sKID, then find the private key that matches the modulus from that
cert.
Or am I just wrong? Why?
I can say that retaining the old certificate probably won't work on
Windows anyway; it appears that Windows associates key pairs via a
specific pointer rather than by shared modulus, *and* it enforces a
one-to-one mapping of certs and private key containers. But we're
taking that as a separate issue.
--
-- Timothy J. Miller
( The MITRE Corporation )
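
The lookup discussed in this message, as an added example that is not part of the original e-mail: a token holding only the re-issued certificate is asked for the key by issuerAndSerialNumber and then by subjectKeyIdentifier. The `Token` class, the names and the toy modulus are constructed for illustration, and the sKID is assumed to be derived from the public key (RFC 5280 section 4.2.1.2, method 1), which a CA is not required to do.

```python
import hashlib

def _der(tag, body):
    """Minimal DER TLV encoder (definite length)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _der_int(v):
    return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def skid(modulus, exponent=65537):
    """sKID as SHA-1 over the subjectPublicKey bits (the DER RSAPublicKey).
    Assumption: the CA computes it this way, so it depends only on the key."""
    return hashlib.sha1(_der(0x30, _der_int(modulus) + _der_int(exponent))).digest()

class Token:
    """Hypothetical token with room for one certificate per private key."""
    def __init__(self):
        self.certs = []      # dicts with issuer, serial, modulus
        self.keys = {}       # modulus -> private-key handle

    def find_key(self, rid):
        """rid is ('iAndS', issuer, serial) or ('sKID', bytes), mirroring the
        two RecipientIdentifier choices CMS allows in RecipientInfo."""
        for c in self.certs:
            if rid[0] == "iAndS" and (c["issuer"], c["serial"]) == rid[1:]:
                return self.keys.get(c["modulus"])
            if rid[0] == "sKID" and skid(c["modulus"]) == rid[1]:
                return self.keys.get(c["modulus"])
        return None

# Constructed data: a toy modulus (not a real key), same key re-certified.
N = 0xC7A1_5B3D_9E42_F08B
OLD = {"issuer": "CN=Example CA", "serial": 1001, "modulus": N}
NEW = {"issuer": "CN=Example CA", "serial": 2002, "modulus": N}

def demo():
    token = Token()
    token.certs.append(NEW)          # the old cert was overwritten on the token
    token.keys[N] = "key-slot-1"
    by_iands = token.find_key(("iAndS", OLD["issuer"], OLD["serial"]))
    by_skid = token.find_key(("sKID", skid(OLD["modulus"])))
    return by_iands, by_skid         # (None, 'key-slot-1')
```

The sKID path only helps for messages whose sender actually wrote the subjectKeyIdentifier form into RecipientInfo; mail enveloped with the issuerAndSerialNumber form still needs the old index entry.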