On 03/24/2016 11:09 AM, Stephen Kent
wrote:
David,
No text in 5280 requires name uniqueness across all CAs.
Untrue, as I'll demonstrate below.
It does
require uniqueness
on a per-CA basis (Section 4.1.2.6 of 5280).
On Fri, 25 Mar 2016, Stephen Kent wrote:
If the certificates are doppelgangers, wouldn't that mean that they
cannot have AIA's ? Otherwise at least one CA would be using an "unusual"
AIA revocation location that monitors would detect.
The doppelgangers could have AIAs, but they need not, and
Paul,
...
If the certificates are doppelgangers, wouldn't that mean that they
cannot have AIA's ? Otherwise at least one CA would be using an "unusual"
AIA revocation location that monitors would detect.
The doppelgangers could have AIAs, but they need not, and that is the
assumption
I