Re: Multiple IssuerSerial/SubjectName/SKI in an X509Data

> The latest specification allows multiple X509IssuerSerial
> elements, multiple X509SubjectName elements and multiple X509SKI
> elements in *an* X509Data.  I think all X509IssuerSerial
> elements must have the same content because they represent
> issuer information of the same certificate.  It this right?

No.  More than one CA can sign the same certificate, so it is possible
to have multiple "paths" from a given cert up to a trust anchor.

Certificate path verification, validation, etc., are tough issues; you
might want to take a look at the draft-ietf-pkix-new-part1-03.txt.

Received on Thursday, 25 January 2001 10:48:07 UTC