On Wed, Jul 26, 2023 at 03:56:12PM +0000, Rob Stradling wrote: > Is it required that a CA's Subject DN must be globally unique? No.
RFC 5280, section 4.1.2.2: "It [the serial number] MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate)." And a question: Is there anything in PKIX that bans two issuers with the same key but different name (that has happened) from issuing a certificate with the same serial number? I checked baseline requirements, I did not see anoything banning that (albeit the entropy requirements make it unlikely). -Ilari _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
