On Thu, 6 Dec 2001, Erwann ABALEA wrote:
eabale> I didn't say that it was technically impossible to do, but that
eabale> it was a bad way to make it automatic... The end user should
eabale> manually trust your CA, and he should understand what he's doing,
eabale> except if you want them to behave like dogs and do whatever you
eabale> tell them to do...
My end users will do it manually. The only difference is that they
will be presented with this action the first time they access any of my
servers.
My point was to make end user's life easier and at the same time
force them to install the CA certificate...
IMHO a lot security problems are located between chair and
keyboard, but that's another issue...
--
Paulo Matos
----------------------------------- ----------------------------------
|Sys & Net Admin | Servi�o de Inform�tica |
|Faculdade de Ci�ncias e Tecnologia | Tel: +351-21-2948596 |
|Universidade Nova de Lisboa | Fax: +351-21-2948548 |
|P-2829-516 Caparica | e-Mail: [EMAIL PROTECTED] |
----------------------------------- ----------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
