Hi Michael,

> I would like to implement a function sign_object. Everyone can sign an
> object to signal that he verified the object. This has nothing to do
> with the state APPROVED. This way of using signatures allows the old
> style management (only issuing certs from approved and signed requests)
> but it supports much more things too.
>
> An RA operator can sign a pending request for a CA operator certificate
> to signal a CA operator that the data in the request is checked.
> Nevertheless only a CA operator can approve the request. The idea is to
> allow much more detailed and flexible policies.

Sounds good. I remember discussing something similar in November last year or so. Just make sure the signature is just one possible way of adding an 'approval' for a new state. There will be situations where policy demands an environment where signatures are not desired.

Martin

_______________________________________________
OpenCA-Devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-devel
