On 03/12/16 17:42, Peter Bowen wrote:
> As to the inclusion request, I think Mozilla should reject this
> request and add a clear rule to the Mozilla CA policy that each CA
> must have a unique DN. The DN should be a primary key for the trust
> store and no two entries should have the same DN.

Just to help me be clear: the request is for the inclusion of a root with the same DN as a previous root, which will still be included after the addition? Or the problem with duplicate DNs occurs further down the hierarchy?

Does Firefox build cert chains using DNs, or using Key Identifiers as Wen-Cheng says it should? I assume it's the former, but want to check.

Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

