2.22. Add Section 8.4 - Private Keys for Certificate Signing and CMP Message Protection
The following subsection addresses the risk arising from reusing the CA private key for CMP message protection.
Insert this section after Section 8.3 of [RFC4210] (Note: This fixes Errata ID 5731):
8.4. Private Keys for Certificate Signing and CMP Message Protection
In general, the private key used to sign a certificate SHOULD NOT be used for any other purpose. However, when a CA uses signature-based protection for CMP messages, it MAY use its CA private key for this purpose.