On 9/8/20 6:38 PM, Arne Schwabe wrote:
I really wonder which large deployment want to do that instead of a CA. I really understand the need for small and simple deployments. But for larger deployments a CA + CRL seems more useful for everything that I can come up with.
It would be more for the situation where you already have a "parallel trust", e.g. through an OAuth API where a CA would be redundant. Just having an API to register fingerprints (which would act as a CRL at the same time by simply removing fingerprints) is easier than having a complete CA with CRL.
Of course, all of this can also be done by using a CA, and something can be said that if you operate on that scale you can also handle the extra "cost" of a CA...
Thanks, François _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
