Hello,
According to SCEP documentation, it is RECOMMENDED that the challengePassword be a one-time authenticator value to limit the ability of an attacker. Does OpenXPKI support one-time password for each cert enrollment? As I understand the current design is that I can have a single challenge value for all enrollment request which is by default set to 'SecertChallenge'. Does that mean OpenXPKI is insecure? Thanks, Kaushik
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
