You could enable that rule by disallowing certs from the anonymous CA, if that were an explosed functionality. (I'd expect to see it in future releases ;-)
--Ivan > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Christoph Willing > Sent: Friday, February 04, 2005 7:19 PM > To: Steve Gallo > Cc: Steve Smith; ag-tech > Subject: Re: [AG-TECH] Per-node certificates > > > > >> -----Original Message----- > >> From: [email protected] > [mailto:[email protected]]On > >> Behalf Of Steve Smith > >> Sent: Tuesday, February 01, 2005 9:51 PM > >> To: ag-tech > >> Subject: [AG-TECH] Per-node certificates > >> > >> > >> Hi, > >> > >> Is there any plan to re-institute per-node AG2 > certificates, and if > >> not what's the current accepted practise for multi-user, > >> multi-machine node setups? > >> > >> Cheers, > >> Steve > >> > > On 05/02/2005, at 4:42 AM, Steve Gallo wrote: > > > > > I believe that you can use an anonymous certificate, > although I think > > that there are some restrictions on what you can/can't do with them. > > > > That is a good use for Anonymous certificates. Their potential > shortcoming is if/when ACL's are used for secure meetings > (very rarely > done so far). If I were setting up a secure meeting room, my first > general "deny" rule would be aimed at any Anonymous certificate. Mind > you, I'm not sure that thats possible with the current ACL's, but an > ideal system should "allow" or "deny" classes of certificate such as > Anonymous. > > chris > > > Christoph Willing Ph: +61 7 3365 8350 > QPSF Access Grid Manager > University of Queensland > >
