Digi-ID™ Benefits

Digi-ID™ Key Management Benefits

[1] Unlike most Traditional CAs, Digi-CA™ [2] offers both Disposable and Renewable Binding Options for your Digi-IDs™ [3]. As you come to truly understand the implications of selecting your Binding Option, you will come to see the relevance, or necessity, for Key Management.

Disposable Digi-ID™ Benefits

You may think that the benefit of disposing of the Key-Pair once the Digi-ID™ expires is that the ‘chain of trust’ is better or that the Digi-ID™ is ‘more secure’. This belief, is more often than not, misplaced when one examines the Digi-ID™ renewal process. In the majority of cases, during the renewal process the expired/expiring Digi-ID™ is used to validate the renewal request. Therefore, the old Digi-ID™ validates the new Digi-ID™ and whether the Key-Pair is replaced during this process is irrelevant.

You should only consider using the Disposable Digi-ID™ in an environment where the life cycle or duration of its use is low (e.g. less than one year) or if you intend conducting face-to-face validation during every renewal.

Another instance may exist where you must be sure that the old Digi-ID™ is completely destroyed every year and that it can’t be reused again for any reason. These are the rare occasions, when the Disposable Digi-ID™ may be your best option.

Important Note: if at any point during the life of any Digi-ID™ it is believed not to be secure or that it has been compromised, it is replaced regardless of what Binding Option was used when it was generated.

Renewable Digi-ID™ Benefits

The Renewable Digi-ID™ means that the duration of the Key-Pair can be set to any period from one to ten years (we do not recommend more than a 10-Year life cycle). Every time the Digi-ID™ must be renewed, only the Certificate is replaced so that the Key-Pair continues to remain valid. This important difference means that the Digi-CA™ may not need to be deployed with Key Management because the end user only ever owns a single Key-Pair.