[cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

Gervase Markham gerv at mozilla.org
Wed Apr 26 16:56:56 UTC 2017

On 25/04/17 18:15, Peter Bowen wrote:
> What does "such that the certificate's Name is unique across all
> certificates issued by the issuing certificate” mean?  How is this a
> requirement on commonName, if this means the full subject Name?

In the previous discussion, you wrote:

"What is the rationale of requiring a unique commonName attribute per
issuer rather than a unique Name per issuer?  Amazon purposefully chose
to use the same commonName (but different Names) for issuers that follow
the same policy and only vary by cryptographic parameters (e.g. public
key algorithm, key size and signature hash algorithm)."

And I said:

"If everyone else is fine with this, I am. (By Name, do you mean DN?)"

No-one else commented, so I just used your words in the ballot - "unique
Name per issuer".


More information about the Public mailing list