David Schwartz wrote:
Michael Sierchio:
If it's your policy not to reuse keys, or allow their use beyond
the lifespan of the certificate, then the enforcement mechanism
for this MUST be in the CA.
I completely disagree. If this were true, CA's would generate the private key
as part of the certificate issuing process.
That doesn't follow. In any case, the only place where certificate issuing
policy can be enforced is the RA and/or CA. The rest of your argument is
just as specious, and I could make a career out of correcting your errors,
but you're determined not to learn.
- M
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
