> ...except that it's not.
>
> A later certificate (w/ different public key) with the same CN can
> issue revocations against an earlier certificate with the same CN, per
> X.509. That's part of the problem with the entire X.509 model in the
> first place.
Is this so without the newer certificate being explicitly selected as
trusted? That would be a serious flaw and it's hard for me to believe that
could be. Do you have a reference?
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
