Thank you Victor. Can you point me to the rfc that defines this? Best
Am 25.03.2020 um 15:32 schrieb Viktor Dukhovni <[email protected]>: > > >> >> On Mar 24, 2020, at 11:12 AM, Dirk Menstermann <[email protected]> wrote: >> >> My expectation (maybe wrong) is that the serial and the issuer name belong to >> the same X509 certificate that the key id belongs to. > > Your expectation is "wrong". The issuer DN in the AKID is in fact > supposed to be the issuer's issuer. It would be redundant to > encode the issuer DN there, it is already present in the EE > certificate. > > -- > Viktor. >
