On 2012-08-06 11:23, Andreas Schwier wrote: > I would assume, that checking constraints is the job of the RA, not the CA. > > Anyway, our design works the other way around: The card generates the > CSR internally, so the RA/CA can prove the key was generated in a > legitimate device. The device can be anywhere out in the wild.
Which is the future for smart cards, otherwise they must be physically distributed after provisioning. Anders > > Andreas > > Am 06.08.2012 11:04, schrieb NdK: >> Il 06/08/2012 10:15, Andreas Schwier ha scritto: >> >>> the name's just a name ;-) >> Probably he (like me) hoped it was something more like (would-be) >> MicroCA: a card taking a CSR and outputting a cert if constraints are >> satisfied... >> >> BYtE, >> Diego. >> _______________________________________________ >> opensc-devel mailing list >> opensc-devel@lists.opensc-project.org >> http://www.opensc-project.org/mailman/listinfo/opensc-devel > > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel