Re: TR: Request change in son-of-rfc2633
pgut001@cs.auckland.ac.nz (Peter Gutmann) Wed, 29 October 2003 09:58 UTC
Date: Wed, 29 Oct 2003 22:33:37 +1300
Message-Id: <200310290933.h9T9Xbg11033@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz
To: aalberti@axway.com, ietf-smime@imc.org
Subject: Re: TR: Request change in son-of-rfc2633

"Alberti Antoine" <aalberti@axway.com> writes:

>Actually, I even wonder what guarantees that a iAndS is unique, as, as far as
>I know, there is no unique LDAP repository (or anything else) for DNs, and
>each one is only unique in the issuer's scope. By chance, it seems that the
>whole system finally works, but mathematically, it does not: 2 different CAs
>may issue 2 CA certs with the same subjectName, and these CAs may issue 2
>certs with the same serial.

Well, firstly, X.500 theology requires that you believe that all (CA) DNs are unique, and to even claim otherwise is treason punishable by limb reconstruction. In any case even if you do run into a situation where two CAs choose to use the same DN, the chance of the serial numbers (a 128-bit or 160-bit random hash value in most cases) matching as well are... slim.

Peter.