Sorry about the top post, but I thought of a few things to add to my
last post to this thread...
1 - I agree that for systems like laptops, the line between machine and
user authentication is fuzzy.
2 - I do like your idea of having an exports(5) option that specifies a CN
that identifie
John-Mark Gurney wrote:
[lots of stuff snipped]
>Rick Macklem wrote:
>> I had originally planned on some "secret" in the certificate (like a CN name
>> that satisfies some regular expression or ???) but others convinced me that
>> that wouldn't provide anything beyond knowing that the certificate w