Hello,
Non-repudiation is technically a signature, but usually governed by a separate
policy or legal framework.
Thus, for "pkcs15-init --key-usage sign" (the shortcut) nonRepudiation should
not be included by default.
I thus propose the following change:
Index: pkcs15-init.c
===================================================================
--- pkcs15-init.c (revision 4068)
+++ pkcs15-init.c (working copy)
@@ -2441,7 +2441,7 @@
const char * name;
const char * list;
} x509_usage_aliases[] = {
- { "sign", "digitalSignature,nonRepudiation,keyCertSign,cRLSign" },
+ { "sign", "digitalSignature,keyCertSign,cRLSign" },
{ "decrypt", "keyEncipherment,dataEncipherment" },
{ NULL, NULL }
};
--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
