Hi, Dr Stephen.
Thanks for the response.
> -----Original Message-----
> From: [EMAIL PROTECTED]
>
>
> On Tue, Dec 07, 2004, Takurou Saitou wrote:
>
> > Hi,
> >
> > I have a question about "Reduce the chances of duplicate
> > issuer name and serial numbers (inch violation of RFC3280)
> > using the OpenSSL certificate creation utilities." described
> > by "Changes between 0.9.7d and 0.9.7e." .
> >
> > I understand that the chance of the duplicate of a serial number
> > is reduced by making an initial serial number into a random 64-bit
> > numerical value. However, it is in the state which the basis of
> > leading to the management reducing the chance of the duplicate of a
> > issuer name cannot understand to me.
> >
> > Would anyone explain a little in detail for me?
> >
>
> There's a requirement in various standards that issuer name and serial number
> is unique, some software produces errors if distinct certificates have the
> same issuer name and serial number.
>
> Before this change the creation of a root CA would use serial number 0 (which
> a clarification in one of the standards has ruled illegal anyway) the first
> issued certificate would use 1, the next 2 and so on. If someone entered
> exactly the same details into the root CA creation process twice and
> redistributed them the root CA and all issued certificates would be
> duplicates.
>
> Various newbies were doing this and getting hard to trace problems much later:
> sometimes after deploying several certificates.
>
> The use of random initial serial numbers makes this situation much more
> unlikely.
>
Although it does not become the duplicate of a certificate since serial numbers
differ even if surely someone inputs the same publisher name, two CA
certificates
of the same issuer name will exist. Is it satisfactory although seemed to be
contradictory
in the contents of following "Changes" with it being consequent?
------------------------------------------------------------------------------------------
--------------------------------------------
Reduce the chances of duplicate issuer name and serial numbers (inch violation
of RFC3280)
^^^^^^^^^^^^^^^^^^^^^^^^^^
using the OpenSSL certificate creation utilities.
------------------------------------------------------------------------------------------
--------------------------------------------
Thanks.
Takurou Saitou.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
