Kaur Virunurm wrote:
>
> So, again:
> The bug in openssl is that the ca application may drop some fields from the
> incoming certificate request without any warning or notification.

This is philosophy: The *CA* determines what should go into
the cert, not the *requestor*. So it is fine to ignore
all but what the CA wanted to have in the cert. Whether
there should be a big flash "Hey, the user wants to
trick you into something!" is another question.
But I see it as follows: The user is not under your control,
the CA (hopefully ;-) is. So everything you can do is to
assure that all goes the way *you* like. Why should you
care about the wishes of the users?
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
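
An added example, not part of the original messages and not OpenSSL's code: a simplified Python model of the documented `openssl ca` policy rules (match / supplied / optional) for subject DN fields, which reports the request fields that the CA policy leaves out instead of dropping them silently. It assumes the dropped fields discussed above are subject DN fields; the policy, names and values are constructed sample data.

```python
# Added illustration: a simplified model of the `openssl ca` policy rules for
# subject DN fields as described in its documentation. Not OpenSSL source code.
# Repeated DN fields (e.g. two OUs) are not modelled.

RULES = ("match", "supplied", "optional")

def apply_policy(policy, ca_subject, request_subject):
    """Return (issued, dropped) for one certificate request.

    policy          -- dict: DN field -> "match" | "supplied" | "optional"
    ca_subject      -- dict of the CA certificate's own DN fields
    request_subject -- dict of the DN fields the requestor asked for
    issued follows policy order; dropped lists fields the policy never names.
    """
    for field, rule in policy.items():
        if rule not in RULES:
            raise ValueError(f"{field}: unknown policy value {rule!r}")
        value = request_subject.get(field)
        if rule == "match" and value != ca_subject.get(field):
            raise ValueError(f"{field}: does not match the CA certificate")
        if rule == "supplied" and value is None:
            raise ValueError(f"{field}: required but missing from the request")
    issued = [(f, request_subject[f]) for f in policy if f in request_subject]
    dropped = [(f, v) for f, v in request_subject.items() if f not in policy]
    return issued, dropped

# Constructed sample data (hypothetical names and values).
POLICY = {"countryName": "match", "organizationName": "match",
          "commonName": "supplied", "emailAddress": "optional"}
CA_SUBJECT = {"countryName": "EE", "organizationName": "Example CA"}
REQUEST = {"countryName": "EE", "organizationName": "Example CA",
           "organizationalUnitName": "Finance",
           "commonName": "www.example.test", "title": "Administrator"}

def review_request(request=REQUEST):
    """Render what an operator would want to see before signing."""
    issued, dropped = apply_policy(POLICY, CA_SUBJECT, request)
    lines = [f"issue   {f}={v}" for f, v in issued]
    lines += [f"DROPPED {f}={v} (not in CA policy)" for f, v in dropped]
    return lines

if __name__ == "__main__":
    print("\n".join(review_request()))
```

The CA still decides the certificate contents, as the reply argues; the report only makes the difference between request and certificate visible to the operator.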