petithug
commented
11 years ago Well, it depends if the enrollment server can allocate certificates with a different domain name than the overlay name or not. My enrollment server can only allocate a name with the overlay name as domain name, so in this case, they are globally unique. Other enrollment server may choose a different interpretation of the spec.
From: Mary Barnes
Description: Section 12 [13]. I'm assuming that the security directorate has reviewed this in detail, thus my focus in reviewing this section was on general understanding. The biggest issues is that there is NO normative language at all in the security section. As in other sections, terms like "need", "are/is used/sent, etc.", "ensure", lower case reserved words rather than upper case, etc. are used when normative language ought to have been used.
Notes: Will try to fix that as suggested