Jan Meijer wrote:
>
> Hi Massimiliano,
>
> > and you should be set, just try the program and please report bugs/enhancements
> > you might want to add.
>
> I tried your patch today, it compiled smoothly. It also works :) You've
> made me a happy man :)
>
> The keysize is exactly what I was looking for, but there are two things I
> would really like to see also.
Let's see. Currently I am waiting news from Dr. S.H. about the spkac stuff.
Hope it will be included in the next release :-D
> First one is the algorithm with which the key was created. Technically it
> does not really matter right now I think, but our policy makes clear
> statements about the type of keys that are certified (yep, we took RFC 2527
> and are nearly done with it :), so that's why it is rather usefull....
You are asking wich type of algorithm the user is about to use (DSA/RSA/
whatever) ?
> Second thing I'm not really sure about what I would like to see.
>
> I'll try to explain. When a client (netscape browser) submits a certificate
> request the browser generates a key, the SPKAC request + DN is submitted on
> the enrollmentserver. Because the browser has no built-in possibility to
> show the public key properties identifying the just created key (until the
> certificate is imported, and then it's to late) we want to read these
> properties from the request. So what I need to get out of the SPKAC packet
> is something that is similar to the PGP key fingerprint. Do you think this
> could be easily added to the spkac patch? Or do you perhaps have the format
> of an SPKAC packet? That would be helpfull also....perhaps I could built it
> in myself (despite my rusty c....)
I am not sure I understood it (partially because I never took a close look
to PGP ... blame me (!!!)): can you make some real example ? Cout that be
the public key itself contained in the SPKAC ?
> Again, thank you for making it public, it's a great help :)
Are you kiddin' ?? First rule of the Net: you give one and get 100 in return!
I'm happy if I can share my (poor) knoledge with someone else...
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
