>If you want to separate the signature key from the encryption key, you should have 2 keys, and not one key with 2 certificates.
Totally agreed - the reason for using key separation is that encryption keys will (typically) have a shorter lifetime than signing keys (at least for certificate validity, if not for usage period), and the other reason is that if only one key is compromised then the other one isn't. Two different certs for one key is strange indeed. Note the term "key separation" is used specifically, not the term "certificate separation" ...

Dave
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]