Chuck Okerstrom wrote:
> or even tell me what parameters of the 
> cert generation itself are critical to this whole process?
Oh dear, and here I was trying to be nice to people.

The PKCS certificates are used for one purpose, and one purpose only. As 
a standard way of storing the public key. They are not tested for any 
validity (by rsyncrypto) beyond that, at all. They can have whatever 
name you want, be signed, unsigned or self signed, and can even be 
expired for all rsyncrypto cares. The only thing that matters is the 
public key stored in them.
>   If I'd 
> incorrectly specified the cert generation parameters would it still 
> work, but maybe not optimally?
>   
No. If it has the right key, it will work. If it hasn't, it won't. The 
only reason PKCS certificates were used at all was that there is no 
other standard way to store a public key.

Hope that quieten your concerns.

Shachar

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Rsyncrypto-devel mailing list
Rsyncrypto-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsyncrypto-devel

Reply via email to