Hi, I have some observations to make about OpenCA. Here are some ideas for enhancing the usability:
1/ First I think that RA Authority should better send two mails for a user. The first mail should be a mail which give directions for the user how to get its certificate (including the serial number to use (not encrypted but can be signed whith RA operator cert to prove the origin). The second mail is the one the RA transmits usually (about the revocation pin). The reason is that the user receives a mail he can't read, so he doesn't know which the serial to use for getting its brand-new cert. Of course, he can watch the serial in Valid Certificates List... 2/ I think that in valid certificates list a column listing the purpose of certificate should be added (the same mail address could be used for a Web server certificate an for a user certificate) 3/ Using the Basic Request, a user can request other types of certificates than user (VPN, Web server, Sub-CA, etc. I think that in this form the user which request such certificate should already have an user certificate and must sign the request. The request will pass the whole certification process... In return, the user have to be notified about the certificate issuance and receive a mail (encrypted whith his public mail certificate !!!) wich contains the password for its private key and the cert attached as a file( also the certificate revocation pin should be there, too. Please tell me if you don't need such kind of sugesstions to not bother you again. Thanks, Alex _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
