> Am I missing something? It seems that there is no security whatsoever > on people getting other people's certificates from the OpenCA secure > server page. Just go to the "get certificate" page and put in an > arbitrary serial number and there you go with someone else's > certificate. Certificates are public. per definition the public information you wish to be associated with. The only thing private in the entire theory is the private key and that is never handled by a second or third party unless for escrowing. /* Mattias O.C. Bååth CSC Sweden AB - SECUREnable The key words "MUST", "REQUIRED", "SHOULD", "RECOMMENDED", and "MAY" in this document are to be interpreted as described in [RFC2119]. */ _________________________________________________________________ OpenCA - Users Support Mailing List [EMAIL PROTECTED]
