Re: TR: Request change in son-of-rfc2633

2003-10-29

"Alberti Antoine" writes:

> Actually, I even wonder what guarantees that an iAndS is unique, as, as far as
> I know, there is no unique LDAP repository (or anything else) for DNs, and
> each one is only unique in the issuer's scope. By chance, it seems that the
> whole system finally works, but mathematically, it does not: 2 different CAs
> may issue 2 CA certs with the same subjectName, and these CAs may issue 2
> certs with the same serial.

Well, firstly, X.500 theology requires that you believe that all (CA) DNs are
unique, and to even claim otherwise is treason punishable by limb
reconstruction.  In any case, even if you do run into a situation where two CAs
choose to use the same DN, the chance of the serial numbers (a 128-bit or
160-bit random hash value in most cases) matching as well is... slim.


