Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:

>Peter, are you talking about generic CAs or in-corporation ones?

Both. Typically what happens is that the CA generates the key and cert and mails it to the user as a PKCS #12 file, either in plaintext, with the password in the same email, or occasionally with the password in separate email. See "How to build a PKI that works" on my home page (direct link at http://www.cs.auckland.ac.nz/~pgut001/pubs/howto.pdf, Challenge #2 starting on p.25) for details, including a few sample quotes from users.

>I can definitely see different needs between those.

Actually they both seem to have the same need, it's the least effort to do it this way. Occasionally you see it dressed up as something else, e.g. "We don't trust our users to generate the keys properly themselves" (one of those was from a CA that's distinguished itself through the bugginess of its software, which makes the comment rather amusing coming from them), but it almost always boils down to the same thing.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]