RE: Inclusion of the issuer and serial number in authenticated in format

ietf-smime

RE: Inclusion of the issuer and serial number in authenticated in formation

1998-03-13 07:57:35

From: jsp(_at_)jgvandyke(_dot_)com (John Pawling)

Jim,

In your reply to my message you said: "Specifically there is nothing that
prevents a CA from issing a new certificate with the same serial number and
issuer name, but different extensions."  I respectfully disagree with this
statement, because X.509, verse 3.3.24, defines serial number as follows:
"certificate serial number:  An integer value, unique within the issuing CA,
which is unambiguously associated with a certificate issued by that CA."



Perhaps "nothing" is too strong a word, but when the issue is
cryptographic binding of a certificate chain into the signed data,
the fact is that a rogue CA could do something against the rules.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Inclusion of the issuer and serial number in authenticated in formation, Blake Ramsdell Re: Inclusion of the issuer and serial number in authenticated in formation, Denis Pinkas RE: Inclusion of the issuer and serial number in authenticated in formation, John Pawling RE: Inclusion of the issuer and serial number in authenticated in formation, John Pawling RE: Inclusion of the issuer and serial number in authenticated in formation, David P. Kemp <= Re: Inclusion of the issuer and serial number in authenticated in formation, John Pawling Re: Inclusion of the issuer and serial number in authenticated in formation, Russ Housley

Previous by Date:	I-D ACTION:draft-ietf-smime-cert-02.txt, Internet-Drafts
Next by Date:	CERT-02 Comments, John Pawling
Previous by Thread:	RE: Inclusion of the issuer and serial number in authenticated in formation, John Pawling
Next by Thread:	Re: Inclusion of the issuer and serial number in authenticated in formation, John Pawling
Indexes:	[Date] [Thread] [Top] [All Lists]