W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2001

Re: Multiple IssuerSerial/SubjectName/SKI in an X509Data

From: Rich Salz <rsalz@caveosystems.com>
Date: Thu, 25 Jan 2001 10:49:51 -0500
Message-ID: <3A704B1F.A5C649B6@caveosystems.com>
To: TAMURA Kent <kent@trl.ibm.co.jp>
CC: w3c-ietf-xmldsig@w3.org
> The latest specification allows multiple X509IssuerSerial
> elements, multiple X509SubjectName elements and multiple X509SKI
> elements in *an* X509Data.  I think all X509IssuerSerial
> elements must have the same content because they represent
> issuer information of the same certificate.  It this right?

No.  More than one CA can sign the same certificate, so it is possible
to have multiple "paths" from a given cert up to a trust anchor.

Certificate path verification, validation, etc., are tough issues; you
might want to take a look at the draft-ietf-pkix-new-part1-03.txt.
Received on Thursday, 25 January 2001 10:48:07 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:12 GMT