"Richard Levitte via RT" <[EMAIL PROTECTED]> writes: > I'm honestly very unsure about this one. After all, "openssl ca" > already covers this, so I wonder why there's a need to create another > way to do the same thing, and add to the confusion on how to do things.. > .
How would you use "openssl ca" to do the same? Wouldn't it change fields in signed certificate, or at least require that the CA key used to sign correspond to the issuer in the certificate to be signed? As far as I understood, the RT thread only indicate "openssl ca" has the same poor security as -noselfsign imply (in that it makes it possible for the user to sign certificates without POP), not that "openssl ca" can do the same operation. That said, I'm not using OpenSSL today, so I don't have a real interest in the patch. If you believe it doesn't add value, I won't pursue the matter further. Thanks, Simon ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
