Oliver Welter wrote:
therefore he has the crin - which is encrypted and can only be read with the private key ;o)
a) he lost his key - if so he can't make a signature
so he should extract it before someday...
b) the key was stolen - if so the signature is worthless
no - in case of a crr i think it's not worthless because:
- the one who stole the key won't issue a crr, this would render the key useless
- the real owner can still issue a crr and would do it in any case, since he wants his key officially useless, means put on crl...
- if the one who stole the key issues a crr, it doesn't matter since the user wants this too for sure... especially when it's a key with 'more power' regarding rights (fully qualified signature for example)
c) the device which holds the key gets damaged, not working anymore, but this is covered in a) i think...
d) he requested a new certificate with a new key-pair - for whatever reason - and just wants his old key to stop working ,o)
So what's the idea behind ?
so i think a user signed crr isn't so wrong
anyhow - the code needs to be able to handle more than one signature, if we wanna extend functionality in the sense that maybe more than one operator needs to sign a request, as an example
(which has been and still is on the wishlist i think)
and if a request had been signed by a user - this should be viewable, even if its just for documentation purposes...
greetings dalini
-- Ives Steglich Email: [EMAIL PROTECTED] System Administration Tel.: +49 (0)3677 - 69 4882 Fax: +49 (0)3677 - 69 4399
Fraunhofer Institute for Digital Media Technology Langewiesener Strasse 22 98693 Ilmenau Email (private): [EMAIL PROTECTED] Germany http://www.openca.org