On Tue, Feb 25, 2014 at 2:23 AM, Ben Laurie <[email protected]> wrote: > On 24 February 2014 19:17, Phillip Hallam-Baker <[email protected]> wrote: > > What exactly is a 'precertificate'. Either something is a cert or it is > not. > > > > If it parses as an X.509v3 certificate then it is an X.509v3 certificate > and > > thats an end to it. > > Indeed, and a precertificate is a certificate. RFC 6962 defines what > exactly it is. > > Not sure where you're going with this.
Ritual compliance with the existing PKIX spec. Having two end entity certs with the same serial number is going to be a problem. > > If it is not then it is probably a CSR which would seem to be the > existing > > PKIX structure that fits its purpose. > > Not really - a precertificate needs to be signed. > CSRs are signed. -- Website: http://hallambaker.com/
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
