Victor B. Wagner wrote:
> RFC 2511 defines ASN.1 syntax for putting multiple certificate requests
> into one message:
> [..]
> Question is - how widespread is use of this syntax, is there any
> real-world CA which understands CertReqMessages sequence.

There are several PKI implementations which support CMP/CRMF (e.g. Entrust). At the client side I vaguely remember that it was added to Netscape 6.x. Not sure whether it's still actively maintained in Mozilla/Firefox etc. Note that CRMF is most times profiled in a vendor-/project-specific way.

> It seems simple enough to support this syntax above openssl binary in
> the scripts which process incoming requests.
>
> But is this really
> necessary, or there are good security reasons to require people which
> write key generation software to process each certificate request as
> separate entity, even if several keys (say signature key and key
> encipherment key) are generated simultaneously?

What exactly are you trying to achieve? Implement a CA component which can deal with any enrollment protocol implemented in clients on earth?

Ciao, Michael.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]