alexandru matei schrieb: > > 1/ First I think that RA Authority should better send two mails for a > user. The first mail should be a mail which give directions for the user > how to get its certificate (including the serial number to use (not > encrypted but can be signed whith RA operator cert to prove the origin). > The second mail is the one the RA transmits usually (about the > revocation pin). The reason is that the user receives a mail he can't > read, so he doesn't know which the serial to use for getting its > brand-new cert. Of course, he can watch the serial in Valid Certificates > List...
This sounds reasonable. > 2/ I think that in valid certificates list a column listing the purpose > of certificate should be added (the same mail address could be used for > a Web server certificate an for a user certificate) So we should display the role? > 3/ Using the Basic Request, a user can request other types of > certificates than user (VPN, Web server, Sub-CA, etc. I think that in > this form the user which request such certificate should already have an > user certificate and must sign the request. The request will pass the > whole certification process... In return, the user have to be notified > about the certificate issuance and receive a mail (encrypted whith his > public mail certificate !!!) wich contains the password for its private > key and the cert attached as a file( also the certificate revocation pin > should be there, too. This is really dangerous because we force everybuddy (not only the RA Operators) to use Netscape. The CRIN-mail is a good idea. Regards Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
