Why not add comments to the bug report instead of the mailing list? I guess it is not intentional.
2010/6/23 Wolf Geldmacher <[email protected]>:
> The serialNumber is the equivalent of UUID for a person and does not
> change.

Is the serialNumber unique for one CA only or for all the CAs?
Or is it possible to have the same serialNumber issued by two different CAs?

> A person can have several SuisseIDs issued to him/her containing
> different email addresses and possibly associations to one/more
> different companies, issued by different CAs (even concurrently!).
>
> As long as it's the same individual the serialNumber remains the same.
>
> Also: There already is a second certificate (certificate #5) on the
> token (only used for qualified signatures right now) that shows the
> deal:
>
> - Subject: /CN=Wolf Geldmacher (Qualified Signature)/[email protected]/serialNumber=1300-0010-7568-6942
> - Issuer: /C=CH/O=SwissSign AG/CN=SwissSign Qualified Platinum CA 2010 - G2
> - Algorithm: rsaEncryption
>
> -> Different CA, Different CN, same serialNumber

I guess the two certificates have two different private keys.
How is pam_pkcs11 supposed to know which public key to use if you only
give it the serialNumber matching two certificates?
pam_pkcs11 will just use the first certificate it finds that matches the
serialNumber?

> Of course I could list (and maintain) each possibility on each machine,

Yes, you could :-)

Bye

--
Dr. Ludovic Rousseau
