%% You should probably cite draft-bonnell-lamps-chameleon-certs-04 instead of this revision. @techreport{bonnell-lamps-chameleon-certs-00, number = {draft-bonnell-lamps-chameleon-certs-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-bonnell-lamps-chameleon-certs/00/}, author = {Corey Bonnell and John Gray and D. Hook and Tomofumi Okubo and Mike Ounsworth}, title = {{A Mechanism for Encoding Differences in Paired Certificates}}, pagetotal = 48, year = , month = , day = , abstract = {This document specifies a method to efficiently convey the differences between two certificates in an X.509 version 3 extension. This method allows a relying party to extract information sufficient to construct the paired certificate and perform certification path validation using the constructed certificate. In particular, this method is especially useful as part of a key or signature algorithm migration, where subjects may be issued multiple certificates containing different public keys or signed with different CA private keys or signature algorithms. This method does not require any changes to the certification path validation algorithm as described in RFC 5280. Additionally, this method does not violate the constraints of serial number uniqueness for certificates issued by a single certification authority.}, }