On Wed, 25 Feb 1998, John Lowry wrote:
[snip, OK]
Note that as a practical matter, it is impossible for CAs to
search each other's key spaces to ensure global uniqueness ...
(yes, never say never...)
This is not mandated by X.509 either, only that the key and DN be unique
at that CA. Further, X.509 also accepts DN duplication in the *same* CA --
but not cert duplication.
Cheers,
Ed
______________________________________________________________________
Dr.rer.nat. E. Gerck
egerck(_at_)novaware(_dot_)cps(_dot_)softex(_dot_)br
http://novaware.cps.softex.br
--- Meta-Certificate Group member, http://www.mcg.org.br ---