...except that it's not. A later certificate (w/ different public key) with the same CN can issue revocations against an earlier certificate with the same CN, per X.509. That's part of the problem with the entire X.509 model in the first place.
On 3/15/06, David Schwartz <[EMAIL PROTECTED]> wrote:
>
> > So if what you are saying is true then I could call
> > myself the same name as a trusted CA authority when
> > making my root CA and the browser will think I am a
> > trusted CA. Is that correct? It seems too simple to be true.....
>
> No. CAs are not identified by name but by key. That's the whole purpose of
> a certificate -- to associate a name with a particular key.
>
> DS
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]