next up previous contents
Next: Re-key after Revocation Up: IDENTIFICATION AND AUTHENTICATION Previous: Authentication of individual identity   Contents

Routine Re-key

The CA will allow routine re-keying before expiration of the subscribers current certificate. The re-key request must be accompanied by a request based on a new key pair. Recertification of the existing public key is not allowed.

Re-key authentication may be be the procedure detailed in section 3.1.9, or by signing the re-key request with a current, valid private key, provided that the last identification according to 3.1.9 is not longer ago than 5 years. In case the request is signed by the subscribers existing cert, the CA shall assign a RA to re-validate the subscriber data, the subscriber affiliation, and the right of the subscriber to a certificate.

David Groep 2005-01-07