Salz, Rich wrote: [ Charset windows-1252 unsupported, converting... ] > > There is some wording in PKIX and X.509 which creates the impression that a > > CA could be re-using the same Subject DName with different keys, but such > > an interpretation is a formally provable defect of the PKIX specification. > > Any links you can point to? > > I don't see how CA1 issuing a sub-ca for "... CN=fred" can globally prevent > CA2 from issuing a sub-ca with the exact same DN. Can you explain what I am > missing? Such an action will create two mutually exclusive PKIs, PKIs that are *NOT* allowed to ever be bridged. Bridging them or would open security problem in the design of CRL processing rules for a collision of distinct subCA names, because those rules say that a signature on a CRL is valid, if the CRL signer cert can be verified under the same root as the CA.
PKIX (rfc5280) about AuthorityKeyIdentifier X.509v3 extension: https://tools.ietf.org/html/rfc5280#section-4.2.1.1 The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction. While it is a requirement for conforming CAs to place AuthorityKeyIdentifiers into issued certificates, using it for building or verifying certificate chains by RPs is purely optional "faciliate". If re-using the same CA DName for certs with different keys would be allowed, then chain building and chain verifying would become *DESPERATELY* dependent on support *AND* use of AuthorityKeyIdentifier->SubjectKeyIdentifier. -Martin PS: Coincidentally, this also implies that "self-issued" (rather than self-signed) certificates are a "myth". While they can be created technically, they are *ALWAYS* in violation of requirements of the specification(s). _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
