Name Constraints, was Re: [caops-wg] Re: ca signing policy file

[Cowles, Robert D.]

The obvious choice for the "identifier" is the public
key.  The drawback  is that it would be good to change
the keypair more often than you change identity.

Can you explain name collisions cannot occur?

BC

> -----Original Message-----
> From: Frank Siebenlist [mailto:franks at mcs.anl.gov] 
...
> 
> When you say "name collisions", you must be referring to either 
> compromised CAs or errors as name collisions should not occur...
>