Martin Bartosch wrote: > Consequently, the certificate status should be set to REVOKED immediately > after final approval in the RA, I think. > hmm, i don't know - a certificat isn't issued just becouse someone at the ra approved it - only the ca can do this - so for removal
but removing may be considered a specially critical operation it would also mean - anyone able to compromise the ra may set certificates to revoked states - even if your ca is still in a valid state of operation - so i don't know, this could rise other vulnurabilities to the whole infrastructure, since the ra has to be as secure as the ca-systems - since it ca revoke certificates... maybe not the best idea ;) greetings dalini ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ OpenCA-Devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-devel
