Root CA key update RFC 2510 “Certificate Management Protocols” contains text « buried » there. Root key change is not a client-server protocol, since it can simply be performed by placing static data in a repository: "old with new" certificate, "new with new" certificate, "new with old" certificate. In order to promote root key changes, the text should be placed (and adapted) inside 3280bis. A text proposal to adapt the text from RFC 2510 has been sent to the mailing list on November 15, 2004. |