28 Mar
2007
28 Mar
'07
5:52 p.m.
"Reimer Karlsen-Masur, DFN-CERT" writes:
IMO it was not the key rollover, it was the reissuing of a CA cert with e.g. an extended lifetime or a different signing hash (md5 towards sha1) which
Yes that's much better. The CA's in question came to the end of the lifetime of the signing cert & needed to do something, and how they had previously set up the Authority KeyId had a large role in what they did next. We should actually write another document about how to manage this transistion (or how not to :^).