It depends on what you need. All you know in that case is that the certificate you have is one of the you do not know how many certificates signed by the CA. If all you are doing is providing blind authorization to all members of a group, that is enough. However, if you are doing pretty much anything else, you need to be able to determine if the certificate you received belongs to the entity you are expecting to communicate with.

> If the DNS is not present as CN, the certificate simply states that the
> CA (that I trust) did issue the private key corresponding to the
> public key contained within the certificate. And since the private key
> is needed for signing and decryption, is this not security enough for
> data transfer?
>
> /Jan

Jeffrey Altman * Sr.Software Designer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
[EMAIL PROTECTED]

C-Kermit 8.0 available now!!! includes Telnet, FTP and HTTP secured with Kerberos, SRP, and OpenSSL. Interfaces with OpenSSH

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
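
The distinction drawn in the reply above, as an added example that is not part of the original thread: two certificates signed by the same throwaway CA both pass a chain-only check, and only the identity check separates them. The CA name and the hostnames `expected.example` and `other.example` are constructed for the demonstration; it assumes the `openssl` command-line tool, version 1.1.0 or later, is on the PATH.

```shell
#!/bin/sh
# Added example: constructed demo CA and hostnames, not from the original post.

# Create a demo CA and two leaf certificates it has signed (CN-only, no SAN).
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    for host in expected.example other.example; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$host.csr" -days 1 \
            -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -out "$dir/$host.pem" 2>/dev/null || return 1
    done
}

# Chain check only: "this is one of the certificates signed by a CA I trust".
chain_ok() {    # usage: chain_ok DIR CERT
    openssl verify -CAfile "$1/ca.pem" "$2" >/dev/null 2>&1
}

# Chain check plus identity check against the name we intended to reach.
chain_and_name_ok() {    # usage: chain_and_name_ok DIR CERT EXPECTED_NAME
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo: we intend to talk to expected.example and are handed each cert in turn.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
for peer in expected.example other.example; do
    if chain_ok "$demo" "$demo/$peer.pem"; then chain=pass; else chain=fail; fi
    if chain_and_name_ok "$demo" "$demo/$peer.pem" expected.example
    then name=pass; else name=fail; fi
    echo "cert for $peer: chain-only=$chain chain+name=$name"
done
rm -rf "$demo"
```

A client that stops at the chain-only check would accept either certificate for a connection meant for `expected.example`.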