On Mon, Mar 9, 2015 at 8:04 PM, Bernd Eckenfels <[email protected]>
wrote:

> Hello,
>
> I don't think it is a good idea to add any functionality which tries to
> move/copy the private key (and with some hardware protection it should
> also not possible). And it is not really needed. Just request a new one.
>
> The ACME credentials might be transported, but I am not sure you want
> to do that via untrusted (ACME) servers...
>
> Gruss
> Bernd
>

Copying a private key is not a use case, it is (or isn't) a requirement.

A use case is 'Fred wants to start a new server and avoid re-validation'.


There are use cases in which it makes sense for private key material to
come from a third party. In particular you don't want to be generating RSA
key pairs on a machine in the cloud that is shared with another party.

A similar problem comes up with stored encryption keys. Alice wants to be
able to read her email on her iPhone and her Surface tablet. So she needs
both to have the same decryption key.

Whether these use cases are in or out of scope is another matter. But
usually you want to discuss the use case and decide according to how much
implementation complexity the solution adds.


OBDisclaimer: Comodo has pending IPR claims that cover new approaches to
solving some of these use cases. At this point all rights are reserved.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme