Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:

>Peter, are you talking about generic CAs or in-corporation ones?

Both.  Typically what happens is that the CA generates the key and cert and
mails it to the user as a PKCS #12 file, either in plaintext, with the
password in the same email, or occasionally with the password in separate
email.  See "How to build a PKI that works" on my home page (direct link at, Challenge #2 starting on
p.25) for details, including a few sample quotes from users.

>I can definitely see different needs between those.

Actually they both seem to have the same need, it's the least effort to do it
this way.  Occasionally you see it dressed up as something else, e.g. "We
don't trust our users to generate the keys properly themselves" (one of those
was from a CA that's distinguished itself through the bugginess of its
software, which makes the comment rather amusing coming from them), but it
almost always boils down to the same thing.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to