- From: Rich Salz <rsalz@caveosystems.com>
- Date: Thu, 25 Jan 2001 10:49:51 -0500
- To: TAMURA Kent <kent@trl.ibm.co.jp>
- CC: w3c-ietf-xmldsig@w3.org
> The latest specification allows multiple X509IssuerSerial > elements, multiple X509SubjectName elements and multiple X509SKI > elements in *an* X509Data. I think all X509IssuerSerial > elements must have the same content because they represent > issuer information of the same certificate. It this right? No. More than one CA can sign the same certificate, so it is possible to have multiple "paths" from a given cert up to a trust anchor. Certificate path verification, validation, etc., are tough issues; you might want to take a look at the draft-ietf-pkix-new-part1-03.txt.
Received on Thursday, 25 January 2001 10:48:07 UTC