"Sean W. Smith" <[EMAIL PROTECTED]> writes: >I would have thought that de facto standard approach is: the client >constructs the certificate request message, which contains things like the >public key and identifying info, and signs it. The CA then checks the >signature against the public key in the message.
A depressing number of CAs generate the private key themselves and mail out to the client. This is another type of PoP, the CA knows the client has the private key because they've generated it for them. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
