Alan Sparks wrote:
>
> Am I missing something? It seems that there is no security whatsoever
> on people getting other people's certificates from the OpenCA secure
[...]
> Shouldn't this certificate be pre-encrypted with the PIN the person
> submitted when the request was made? Or at least something to prevent
> this?
What for? The certificate contains only PUBLIC data and should be
made available (as widely as you can).
> Or is it just that the private key part isn't there, and therefore just
> is no good to anyone else?
That's right: the CA NEVER comes in contact with the secret key of the
user(s) to fulfill security issue and to guarantee the certificate's
owner: the security of his private key is an owner-only issue.
I hope this clarifies why certificates are publicly available.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
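
Added example, not part of the original message or of OpenCA's code: a check a CA operator could run on a PEM file before placing it on a public server, confirming it holds only public objects (certificates, CRLs, requests, public keys) and no private-key block. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import re

# PEM labels that carry only public data versus secret key material.
PUBLIC_LABELS = {"CERTIFICATE", "X509 CRL", "CERTIFICATE REQUEST", "PUBLIC KEY"}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def classify(label, body):
    """Classify one PEM block as 'private', 'public', 'malformed' or 'unknown'."""
    if label.endswith("PRIVATE KEY"):      # PKCS#8, RSA, EC, DSA, encrypted or not
        return "private"
    if label not in PUBLIC_LABELS:
        return "unknown"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:                     # binascii.Error is a ValueError
        return "malformed"
    # Only the outer tag is checked: every public type above is a DER SEQUENCE.
    return "public" if der[:1] == b"\x30" else "malformed"


def audit_pem(text):
    """Return (publishable, findings); publishable only if every block is public."""
    findings = [(m.group(1), classify(m.group(1), m.group(2)))
                for m in PEM_BLOCK.finditer(text)]
    ok = bool(findings) and all(kind == "public" for _, kind in findings)
    return ok, findings


# Constructed sample input: a tiny DER SEQUENCE stands in for real contents.
_FAKE_DER = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()


def _pem(label, body=_FAKE_DER):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


CERT_ONLY = _pem("CERTIFICATE")
LEAKY_BUNDLE = _pem("CERTIFICATE") + _pem("RSA PRIVATE KEY")

if __name__ == "__main__":
    for name, sample in (("cert only", CERT_ONLY), ("leaky bundle", LEAKY_BUNDLE)):
        print(name, audit_pem(sample))
```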