2010/6/24 Wolf Geldmacher <w...@womaro.ch>:
>> > The serialNumber is the equivalent of UUID for a person and does not
>> > change.
>>
>> Is the serialNumber unique for one CA only or for all the CAs?
>> Or is it possible to have the same serialNumber issued by two different CAs?
> It's unique for the CA but can be transferred to another CA.

So you can have two certificates from two different CAs having the same
serialNumber. That could be an easy attack to impersonate you if both
CAs are valid for pam_pkcs11.

>> > Of course I could list (and maintain) each possibility on each machine,
>> Yes, you could :-)
> ... but having pattern matches would still be the nicer/more generic
> solution ;-)

Please provide a patch.

> BTW: I've also opened up a bug report (#239) because I cannot get
> pam_pkcs11 to continue past the first certificate - this is a
> prerequisite for pattern matching to work at all and also necessary for
> me to continue exploring. Is this a feature or a bug? Do you want me to
> try and fix it?

Please provide a patch.

Bye

--
Dr. Ludovic Rousseau
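
The concern raised in the reply above, shown as an added example (not part of the original message and not pam_pkcs11 code): a mapping keyed on serialNumber alone accepts a certificate from any trusted CA, while an entry bound to the issuer accepts only that CA's certificate. The struct names, DNs, serialNumber value and login are constructed for illustration, and the plain string comparison of issuer DNs assumes both sides are already in one normalized form.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for fields read from an already chain-validated
 * certificate; these are not pam_pkcs11's own types. */
struct cert_id {
    const char *issuer_dn;      /* DN of the CA that signed the certificate */
    const char *serial_number;  /* serialNumber identifying the person */
};

/* One mapping entry; issuer_dn == NULL means "any trusted CA". */
struct map_entry {
    const char *issuer_dn;
    const char *serial_number;
    const char *login;
};

/* Return the mapped login, or NULL when no entry matches. An entry that
 * names an issuer matches only certificates signed by that CA. */
const char *map_login(const struct map_entry *map, size_t n,
                      const struct cert_id *c)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(map[i].serial_number, c->serial_number) != 0)
            continue;
        if (map[i].issuer_dn && strcmp(map[i].issuer_dn, c->issuer_dn) != 0)
            continue;   /* same serialNumber, different CA: reject */
        return map[i].login;
    }
    return NULL;
}

/* Constructed sample data: one person, two CAs, same serialNumber. */
static const struct map_entry weak_map[]  = { { NULL, "1000-0001", "alice" } };
static const struct map_entry bound_map[] = { { "CN=Example CA A", "1000-0001", "alice" } };
static const struct cert_id cert_ca_a = { "CN=Example CA A", "1000-0001" };
static const struct cert_id cert_ca_b = { "CN=Example CA B", "1000-0001" };

int main(void)
{
    const struct cert_id *certs[] = { &cert_ca_a, &cert_ca_b };
    for (size_t i = 0; i < 2; i++) {
        const char *w = map_login(weak_map, 1, certs[i]);
        const char *b = map_login(bound_map, 1, certs[i]);
        printf("%-16s serialNumber-only=%s issuer-bound=%s\n",
               certs[i]->issuer_dn, w ? w : "(none)", b ? b : "(none)");
    }
    return 0;
}
```

A serialNumber that is legitimately transferred to another CA then needs its own explicit entry for the new issuer, which keeps the set of accepted CAs per user visible in the mapping.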