I would assume, that checking constraints is the job of the RA, not the CA.
Anyway, our design works the other way around: The card generates the CSR internally, so the RA/CA can prove the key was generated in a legitimate device. The device can be anywhere out in the wild. Andreas Am 06.08.2012 11:04, schrieb NdK: > Il 06/08/2012 10:15, Andreas Schwier ha scritto: > >> the name's just a name ;-) > Probably he (like me) hoped it was something more like (would-be) > MicroCA: a card taking a CSR and outputting a cert if constraints are > satisfied... > > BYtE, > Diego. > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 171 8334920 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
