* David Schwartz wrote on Mon, Oct 01, 2007 at 02:51 -0700:
> Before a CA signs a certificate, it needs to know that that the
> identity it is certifying owns the private key that corresponds
> to the public key in the certificate. This almost always
> requires that private key to be used in some way.
>
> Otherwise, how does the CA know it's signing the right key?
Theoretically a security officier could personally guarentee that
the CSR is authentic e.g. by comparing some hex dump with a
hardcopy/printout or alike, couldn't he[1]? But I have no clue
what this could be needful for...
oki,
Steffen
[1] I think the CA needs to verify this anyway - the CSR never
can prove that the key is authentic I think.
About Ingenico Throughout the world businesses rely on Ingenico for secure and
expedient electronic transaction acceptance. Ingenico products leverage proven
technology, established standards and unparalleled ergonomics to provide
optimal reliability, versatility and usability. This comprehensive range of
products is complemented by a global array of services and partnerships,
enabling businesses in a number of vertical sectors to accept transactions
anywhere their business takes them.
www.ingenico.com This message may contain confidential and/or privileged
information. If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose or take any action based on this
message or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this message.
Thank you for your cooperation.
About Ingenico Throughout the world businesses rely on Ingenico for secure and
expedient electronic transaction acceptance. Ingenico products leverage proven
technology, established standards and unparalleled ergonomics to provide
optimal reliability, versatility and usability. This comprehensive range of
products is complemented by a global array of services and partnerships,
enabling businesses in a number of vertical sectors to accept transactions
anywhere their business takes them.
www.ingenico.com This message may contain confidential and/or privileged
information. If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose or take any action based on this
message or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this message.
Thank you for your cooperation.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
