...
Initially, one or more RAOs from each organization will be given the ability to manage client certificates. Before a RAO can issue client certificates, a decision regarding key escrow must be made. Key escrow (also known as "key recovery" in the CSM) is available to all subscribers of the InCommon Certificate Service for no additional fee.
| Info | ||
|---|---|---|
| ||
All current organizations have key escrow enabled. The only way to change this is to create a new organization instance in the CSM. InCommon made the decision about key escrow many months in advance of deploying client certificates, when SSL was the only service in operation and the key escrow functionality in CSM was still in its infancy. Since we didn't want to disable potentially useful functionality for an entire organization's life cycle, we chose to enable escrow for all organizations. |
...