> If re-using the same CA DName for certs with different keys would be
> allowed, then chain building and chain verifying would become
> *DESPERATELY* dependent on support *AND* use of
> AuthorityKeyIdentifier->SubjectKeyIdentifier.

Or, it could use subject/issuer.  Or it could try all the matching CA DName 
certs it has.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
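The alternative described in the reply above, trying every CA certificate whose subject DName matches and using an AKI->SKI match only as an ordering hint, as an added example that is not part of the original message or of any TLS library. It is a simplified model: HMAC keyed with the CA key stands in for a real public-key signature, and the `Cert`, `issue`, `verifies` and `find_issuer` names and all sample DNames and keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Simplified model: HMAC keyed with the CA key stands in for a real
# public-key signature; names and keys below are constructed samples.

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: bytes                   # stand-in for the subject's key
    aki: Optional[bytes] = None  # AuthorityKeyIdentifier (may be absent)
    sig: bytes = b""

    @property
    def ski(self) -> bytes:      # SubjectKeyIdentifier: hash of the key
        return hashlib.sha256(self.key).digest()

    def tbs(self) -> bytes:      # the bytes covered by the signature
        return f"{self.subject}|{self.issuer}|".encode() + self.key

def issue(subject, issuer, key, ca_key, with_aki=True):
    aki = hashlib.sha256(ca_key).digest() if with_aki else None
    unsigned = Cert(subject, issuer, key, aki)
    sig = hmac.new(ca_key, unsigned.tbs(), hashlib.sha256).digest()
    return Cert(subject, issuer, key, aki, sig)

def verifies(cert, ca):
    expected = hmac.new(ca.key, cert.tbs(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.sig)

def find_issuer(cert, pool):
    """Return (issuer cert or None, number of candidates tried)."""
    # Every CA cert whose subject DName equals the cert's issuer DName.
    candidates = [ca for ca in pool if ca.subject == cert.issuer]
    # An AKI->SKI match only moves a candidate to the front; the rest are still tried.
    candidates.sort(key=lambda ca: cert.aki is None or ca.ski != cert.aki)
    for tried, ca in enumerate(candidates, start=1):
        if verifies(cert, ca):
            return ca, tried
    return None, len(candidates)

DN = "CN=Example CA"
OLD = issue(DN, DN, b"old-ca-key", b"old-ca-key")
NEW = issue(DN, DN, b"new-ca-key", b"new-ca-key")
POOL = [OLD, NEW]  # two CA certs, same DName, different keys
```

With the AKI present the right CA certificate is found on the first attempt; without it the builder still succeeds, at the cost of one signature check per same-named candidate.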
