Published on Digi-Sign, The Certificate Corporation (https://www.digi-sign.com)


By Digi-Sign
Created Feb 25 2008 - 11:26

Digi-ID™ Benefits

Digi-ID™ Key Management Benefits

PDF [1]

Unlike most traditional CAs, Digi-CA™ [2] offers both Disposable and Renewable Binding Options for your Digi-IDs™ [3]. Once you understand the implications of the Binding Option you select, the relevance, or necessity, of Key Management becomes clear.

  • Disposable Digi-ID™ Benefits
    • With the Disposable Digi-ID™, a new Key-Pair is generated every time it is renewed. Unless your requirement is for a small number of users, this means you will require Key Management at some point in the future. To be effective, this future requirement must be implemented during the installation of the Digi-CA™ and prior to the distribution of any Digi-ID™. So choosing the Disposable Digi-ID™ requires Key Management within the Digi-CA™ system from the outset.

      You may think that the benefit of disposing of the Key-Pair once the Digi-ID™ expires is that the ‘chain of trust’ is better or that the Digi-ID™ is ‘more secure’. This belief is, more often than not, misplaced when one examines the Digi-ID™ renewal process. In the majority of cases, the expired/expiring Digi-ID™ is used to validate the renewal request. Therefore, the old Digi-ID™ validates the new Digi-ID™, and whether the Key-Pair is replaced during this process is irrelevant.

      You should only consider using the Disposable Digi-ID™ in an environment where the life cycle or duration of its use is low (e.g. less than one year) or if you intend to conduct face-to-face validation during every renewal.

      Another instance may exist where you must be sure that the old Digi-ID™ is completely destroyed every year and that it can’t be reused again for any reason. These are the rare occasions when the Disposable Digi-ID™ may be your best option.



    Important Note: if at any point during the life of any Digi-ID™ it is believed not to be secure or to have been compromised, it is replaced regardless of which Binding Option was used when it was generated.

  • Renewable Digi-ID™ Benefits
    • With the Renewable Digi-ID™, the duration of the Key-Pair can be set to any period from one to ten years (we do not recommend more than a 10-Year life cycle). Every time the Digi-ID™ must be renewed, only the Certificate is replaced, so the Key-Pair remains valid. This important difference means that the Digi-CA™ may not need to be deployed with Key Management because the end user only ever owns a single Key-Pair.
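The difference between the two Binding Options can be checked on any pair of certificates by comparing the public keys they carry. The script below is an added example, not Digi-Sign code: the function names, the `CN=demo-user` subject and the self-signed sample certificates are constructed for illustration, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: tell from two certificates whether a renewal kept the Key-Pair.
# All names here are hypothetical; the certificates are constructed sample data.

spki_hash() {
    # SHA-256 of the DER-encoded public key inside certificate $1.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

binding_of() {
    # $1 = certificate before renewal, $2 = certificate after renewal.
    # Same public key -> only the Certificate was replaced ("renewable").
    # Different key   -> a new Key-Pair was generated ("disposable").
    old=$(spki_hash "$1") || { echo "unreadable: $1" >&2; return 2; }
    new=$(spki_hash "$2") || { echo "unreadable: $2" >&2; return 2; }
    if [ "$old" = "$new" ]; then echo renewable; else echo disposable; fi
}

make_demo_certs() {
    # Self-signed certificates standing in for issued Digi-IDs, written to $1.
    for k in k1 k2; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$1/$k.pem" 2>/dev/null
    done
    openssl req -new -x509 -key "$1/k1.pem" -subj "/CN=demo-user" -days 365 \
        -out "$1/original.pem" 2>/dev/null
    openssl req -new -x509 -key "$1/k1.pem" -subj "/CN=demo-user" -days 365 \
        -out "$1/renewed_same_key.pem" 2>/dev/null
    openssl req -new -x509 -key "$1/k2.pem" -subj "/CN=demo-user" -days 365 \
        -out "$1/renewed_new_key.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
echo "key kept:     $(binding_of "$demo_dir/original.pem" "$demo_dir/renewed_same_key.pem")"
echo "key replaced: $(binding_of "$demo_dir/original.pem" "$demo_dir/renewed_new_key.pem")"
rm -rf "$demo_dir"
```

A `disposable` result is the case in which the user ends up holding more than one Key-Pair over time, which is where the Key Management requirement described above arises.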



Source URL: https://www.digi-sign.com/digi-ca/key%20management%20benefits

Links:
[1] https://www.digi-sign.com/downloads/download.php?id=digi-ca-pdf
[2] https://www.digi-sign.com/digi-ca
[3] https://www.digi-sign.com/digi-id