> On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote: >> Surely that's not unique? Using the above example, surely the first >> certificate issued by the 2010 instance of 'My CA', and the first >> certificate issued by the 2015 instance, are both going to have >> identical CKA_ISSUER and CKA_SERIAL_NUMBER, aren't they? > > No, every subject and serial must be unique. If the 2010 and 2015 instance > are distinct bytes, they need distinct serial numbers. >
I was speaking of the serial numbers of certificates issued *by* those two separate CAs. Or are you suggesting that those sets of serial numbers muat be disjoint? -- dwmw2 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto