> This can be done in Mozilla by modifing the default nssckbi.dll file to > include you root cert. For other Microsoft CAPI based program, you will > need to find another solution so that it's automatically included on > every machine.
Now this is very interesting. For a while I have been considering setting up a private CA. Root distribution would not be a problem for those interested and protocol is underway for member authentication. for Jennifer's problem, a limited structure PKI is quite feasible. The OpenSSL front end xCA works great . If the organization is Windows based, the Root can be pushed to the enterprise members as an update and then recognized in MS mail clients; or a simple server set up to do cert requests and distribution. If the company is small, then cert creation and distribution can be done manually with xCA. Like several here, I advocate the ease of use that S/MIME gives. The problem of cert/key authentication by a Root is the issue with private certs. If your circle is closed or small enough, that can be over come. Yours- Ridge Cook "Jean-Marc Desperrier" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] <snip> _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
