Because the issuer is not part of the subject's identity. If the cert has the same subject and different issuers it is still considered part a cert for the same entity. This is how cross certification works. (The CA cert has the same subject, but may have different issuers).
bob Michael Str�der wrote: > Robert Relyea wrote: > >> >> If you need to distinguish between two certs, you should have >> different subjects for those certs. This is because a given use will >> eventually have many certs for their personality -- one for encryption >> (which may be escrowed), one for authentication, and one for signing.... > > > I wonder why the issuer DN is not also considered to distinguish > different certs. > > Ciao, Michael. >
