hi,

On Tue, Mar 23, 2010 at 4:56 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
>> Which, if any/all, of the "Digital Signature, Non Repudiation, Key
>> Encipherment" KeyUsage specifications are required, if this cert will
>> be used ONLY for/by the OCSP responder daemon?
>>
>
> Well Key Encipherment is not required and there's the usual can of worms
> associated with the NR bit. I'd say just digital signature is sufficient.

Thanks. Not sure what the "usual can of worms" refers to; worth a bit of digging, I suppose.

Also, in an OCSP cert's 'type',

    nsCertType = server, client, objsign

Is client really necessary? Server & Objsign I can understand ... or, is it similar to SMTP where there exist both server & client components?

Cheers.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org