Hi,

> What does this accomplish you can’t just basically do with --client-cert-not-required?

I am using --client-cert-not-required already. :) But that simplifies only the client half of the equation. TLS server will always need a certificate. And client will always need to verify it to prevent MITM attacks. So, you still need CA.

The idea is to have a choice to drop CA completely. Of course, like JJK said: PKI is great and has its advantages. However, for small setups and some use-cases I'd be willing to live without it and have some simpler means to validate mutual trust.

Best regards,
Simon
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel