Robert Relyea wrote:
>
> Michael Ströder wrote:
>
>> Robert Relyea wrote:
>>
>>> If you need to distinguish between two certs, you should have
>>> different subjects for those certs. This is because a given user will
>>> eventually have many certs for their personality -- one for
>>> encryption (which may be escrowed), one for authentication, and one
>>> for signing....
>>
>> I wonder why the issuer DN is not also considered to distinguish
>> different certs.
>
> Because the issuer is not part of the subject's identity. If the cert
> has the same subject and different issuers it is still considered a
> cert for the same entity. This is how cross certification works. (The CA
> cert has the same subject, but may have different issuers).

As I understand it this thread is mainly about how "to distinguish
between two certs" not about identity (whatever "identity" means).

Ciao, Michael.
