Hi,

>> IMO it is desirable to make email behaviour configurable, at least
>> with the following options:
>> - use the PIN entered by the user in the CSR
> there is already a configuration option
>   - to use the userpin
>   - or generate a new pin

OK, thanks for the information. It must have slipped my attention...

>> - explicitly send PIN unencrypted if no user certificate is
>>   available
>>
> if no usercert is available something is wrong, and the last thing you
> should do then is start sending plaintext PINs around... ,o)

There is not necessarily something wrong if no user cert is available:
1. The user might not yet have a certificate (bootstrap problem)
2. The mail system used might not be able to support end-to-end
   encryption (either because of technical limitations or because
   of policy decisions).
   E. g. Lotus Notes systems often use proprietary end-to-end
   encryption, and it is really painful to add end user certificates
   into such an infrastructure.
3. The user might not order a client cert for himself, but rather
   a system certificate, e. g. for an SSL server.

But you are of course perfectly right, PINs should not normally be
mailed in the clear. However, in a test environment and in certain
cases for server certificates this is acceptable, so I think
a configurable option (default off, with a big fat warning above...)
might be useful.

There are even infrastructures where it is impossible to provide
users with client certificates.

>> 2. Pending CSR notification
>> Once a new CSR (or CRR) rolls in, it might be desirable to have an
>> automatic notification via email to start the cert issuance workflow.
>> This might either be triggered by an incoming request or perhaps by
>> a scheduled event, e. g. once a day and sending out a summary about
>> all pending requests.
>>
> please file a feature request ,o)

Will do so... :)

>> 3. Automatic email processing
>> The pending emails seem to be spooled in the var/mail directory, and
>> I understand that I have to manually issue the "Send email" command
>> from the node interface.
>> Can this be configured to send out pending email automatically?
>
> there is a configuration option to send mails automatically
> (config.xml), but this works only if you use ex- and import, I think,
> so if there are no ex/import steps this doesn't get called automatically
> during the import procedure

OK, understood.

Thanks,

Martin

_______________________________________________
OpenCA-Devel mailing list
https://lists.sourceforge.net/lists/listinfo/openca-devel