On Thu, May 04, 2017 at 02:58:07PM +0000, Salz, Rich wrote:
> > There is some wording in PKIX and X.509 which creates the impression
> > that a CA could be re-using the same Subject DName with different keys,
> > but such an interpretation is a formally provable defect of the PKIX
> > specification.
>
> Any links you can point to?
>
> I don't see how CA1 issuing a sub-ca for "... CN=fred" can globally
> prevent CA2 from issuing a sub-ca with the exact same DN. Can you
> explain what I am missing?

The organization info (O, L, ST, C, etc...) is supposed to differ in
that case (CN is just one field of DN), rendering the full DNs distinct.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls