News and information about InCommon Academy offerings

[Joe St Sauver <>]

Hi,

Effective today, 8/23/2011, the cap on the number of valid client
(personal) certificates per unique email address has been eliminated
for all subscribers to the InCommon Certificate Service.

Since the deployment of client certificates, community discussions
have identified some scenarios where having three or more client
certificates per email address might be useful. InCommon and our
partner, Comodo, agreed and have made available unlimited client
certificates per email address.

Normally, most certificate authorities will only allow you to have
one valid client certificate per unique email address.

Previously, the InCommon Certificate Service has allowed subscribers
to receive up to two certificates per unique email address. This
flexibility has made it possible for sites to issue an escrowed
encryption key, while also issuing the user a non-escrowed and
non-repudiable digital signing key, as required by state law in
some jurisdictions. Under this old scenario, however, an attempt to
request a third certificate for that same email address would be
denied.

A few anticipated questions are addressed below. If you have other
questions, please feel free to email 
.

Thanks,

Joe St Sauver, Ph.D.
Manager, InCommon Certificate Program and Internet2 Nationwide Security 
Programs

About the InCommon Certificate Service: The InCommon Certificate Service
provides unlimited SSL, personal signing (e.g. client), extended 
validation,
encryption, and code signing certificates for one annual fee. This includes
certificates for all domains owned by an institution of higher education.
(www.incommon.org/cert)

FAQ:
----

Q. Why did you make this change for all users of the InCommon
Certificate Service, rather than just the particular sites that might
need this change?

A. Whatever setting we pick for this applies to all participants.
Picking an unlimited number of client certificates per unique email
address is the option that provides flexibility for all potential
client certificate usage scenarios.

----

Q. Will I need to do anything for my school to be able to issue three or
more client certificates per unique email address?

A. No, this change will be transparently made for all InCommon
Certificate Service subscribers.

----

Q. We're using client certificates from InCommon, but currently only
issue one or two client client certificates per unique email address. Do
we need to do anything?

A. No.

----

Q. We subscribe to the InCommon Certificate Service, but we don't use
client certs. Will this change affect us in any way? Do we need to do
anything?

A. No, you won't be affected and do not need to do anything.