Identification

A principal is uniquely identified by the pair (Public Key, X.500 DN). A collision of this pair is equivalent to a compromise of the private key and must be treated as such (i.e. the key pair must be renewed). Collisions of the X.500 DN alone can be tolerated, although they should be minimised for efficiency's sake.

It is legitimate for entities in Jtrix to refuse identities that are either uncertified or certified by "untrusted" principals.
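The rules above can be exercised with a small registry. This is an added example, not code from Jtrix or its author. The `Principal` and `Directory` classes, the status strings, exact-string DN comparison and the sample names and key bytes are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Principal:
    public_key: bytes                            # encoded public key
    dn: str                                      # X.500 DN, compared as an exact string (assumption)
    certified_by: Optional["Principal"] = None   # None means uncertified

    @property
    def identity(self):
        return (self.public_key, self.dn)        # the identifying pair

class Directory:                                 # hypothetical registry, not a Jtrix API
    def __init__(self, trusted):
        self.trusted = {p.identity for p in trusted}
        self.by_dn = defaultdict(dict)           # dn -> {public_key: Principal}

    def accepts(self, p):
        # Refuse uncertified identities and those certified by untrusted principals.
        return p.certified_by is not None and p.certified_by.identity in self.trusted

    def register(self, p):
        # Assumption: every call is a distinct entity enrolling.
        if not self.accepts(p):
            return "refused"
        bucket = self.by_dn[p.dn]
        if p.public_key in bucket:
            return "pair-collision"              # treat as key compromise: renew the key pair
        status = "dn-collision" if bucket else "ok"
        bucket[p.public_key] = p                 # DN collision tolerated; key disambiguates
        return status

    def candidates(self, dn):
        return list(self.by_dn.get(dn, {}).values())

# Constructed sample principals; key bytes are placeholders, not real keys.
ROOT = Principal(b"root-key", "CN=Root,O=Example")
ROGUE = Principal(b"rogue-key", "CN=Rogue,O=Elsewhere")
ALICE_DN = "CN=Alice,O=Example"

def demo():
    d = Directory(trusted=[ROOT])
    results = [
        d.register(Principal(b"key-A", ALICE_DN, ROOT)),             # first Alice
        d.register(Principal(b"key-B", ALICE_DN, ROOT)),             # same DN, other key
        d.register(Principal(b"key-A", ALICE_DN, ROOT)),             # same pair again
        d.register(Principal(b"key-C", "CN=Bob,O=Example")),         # uncertified
        d.register(Principal(b"key-D", "CN=Eve,O=Example", ROGUE)),  # untrusted certifier
    ]
    return results, len(d.candidates(ALICE_DN))
```

A lookup by DN alone returns every principal sharing that name, so the caller must still compare public keys to pick the right one.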



Ulf Leonhardt 2001-08-16