Eddy Nigg (StartCom Ltd.) wrote: > According to Mozilla CA policy > http://www.mozilla.org/projects/security/certs/policy/ section 4: > > "...might cause technical problems with the operation of our software, > for example, with CAs that issue certificates that have..." > "...duplicate issuer names and serial numbers" > > Now I'm not sure if this applies or not (but remembering also from EV), > root certificates from the same CA MUST NOT have the same serial number. > > The ARGE DATEN roots have duplicate serial numbers ( > http://www.mozilla.org/projects/security/certs/pending/#ARGE%20DATEN ).
Yes, but they have different issuer names. The rules is: no certs that duplicate BOTH the issuer name and the serial number. Maybe the policy can be reworked slightly to make that clearer. /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
