> There is some wording in PKIX and X.509 which creates the impression that a > CA could be re-using the same Subject DName with different keys, but such > an interpretation is a formally provable defect of the PKIX specification.
Any links you can point to? I don't see how CA1 issuing a sub-ca for "... CN=fred" can globally prevent CA2 from issuing a sub-ca with the exact same DN. Can you explain what I am missing? _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
