On 27/09/16 10:31, Gervase Markham wrote:
<snip>
>> Looking at other cases for duplicate serial numbers, I also find
>> those not mentioned in the report:
>>
>> 2 for the same CA, but different URIs in it:
>> https://crt.sh/?serial=44807b207cf2052e8d3411770266d295&iCAID=1450
>>
>> 2 for the same CA with order fields different, and different URIs:
>> https://crt.sh/?serial=3adec402270bf4ee9e892cc65e0ada21&iCAID=1450
>
> Both of these are intermediates. Reissuing intermediates with new
> information but the same serial number and key AIUI does happen
> occasionally, although now I think about it, I guess it's as much an RFC
> violation as when CAs do it with EE certs. Do any PKI people want to
> chime in with views on this practice?

Hi Gerv.

You're correct. Each of these pairs of certs has the same Issuer, and so
it's a violation of RFC5280 for them to share the same serial number.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
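
The per-issuer serial uniqueness rule cited in the reply above can be checked over a certificate inventory. The following is an added example, not part of the original thread: the records, the function names and the simplified issuer comparison are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory records: (issuer DN, serial as hex text, SHA-256 fingerprint).
# Every value here is made up for illustration.
SAMPLE = [
    ("CN=Example Root CA,O=Example", "0A:1B:2C:3D", "aa11"),
    ("CN=Example Root CA,O=Example", "0x0a1b2c3d", "bb22"),   # same serial, different cert
    ("cn=example root ca, o=example", "a1b2c3d", "AA11"),     # first cert seen again
    ("CN=Other CA,O=Example", "0A1B2C3D", "cc33"),            # different issuer: allowed
    ("CN=Example Root CA,O=Example", "00FF01", "dd44"),       # unique serial
]

def normalize_serial(text):
    """Reduce a hex serial in any common rendering to its integer value."""
    cleaned = text.strip().lower().replace(":", "").replace(" ", "")
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    return int(cleaned, 16)  # leading zeros and case no longer matter

def normalize_issuer(dn):
    """Simplified DN comparison (assumption): case-fold and trim each
    comma-separated part. Not full RFC 5280 name matching; escaped commas
    inside attribute values are not handled."""
    return tuple(part.strip().casefold() for part in dn.split(","))

def find_serial_collisions(records):
    """Map (issuer, serial) to its fingerprints wherever one issuer has
    used the same serial number for more than one distinct certificate."""
    seen = defaultdict(set)
    for issuer, serial, fingerprint in records:
        key = (normalize_issuer(issuer), normalize_serial(serial))
        seen[key].add(fingerprint.lower())
    # The same certificate observed twice is not a collision, so only
    # keys with two or more distinct fingerprints are reported.
    return {key: sorted(fps) for key, fps in seen.items() if len(fps) > 1}

if __name__ == "__main__":
    for (issuer, serial), fps in find_serial_collisions(SAMPLE).items():
        print(",".join(issuer), format(serial, "x"), fps)
```

Comparing serials as integers rather than as strings keeps differences in rendering (colons, case, leading zeros) from hiding a reuse.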

