>
> I would like to be able to set a minimum key length through some sort of
> openssl.cnf option, eg. "minimum_bits=1024" in the "[ policy_match ]" section.
>
> Most CAs will have some requirements on the lengths of the public keys they
> will sign. Currently the CA has to manually check the key length once a
> certificate request arrives since "openssl ca" gives no indication about
> the key length. I think it would be a good idea if the CA could use the
> openssl.cnf to specify the minimum length so that the "ca" command
> automatically checks the incoming request against the configuration and
> rejects keys that are too short.
>
Sorry for me nagging but could someone from the developer team comment on
my inquiry, please? Or has this issue been discussed on the dev list to
which I'm not subsribed?
Cheers,
Stefan.
______________________________________________________________________________
Stefan Kelm PGP key: "finger [EMAIL PROTECTED]" or via key server
DFN-PCA <[EMAIL PROTECTED]>
Vogt-Koelln-Str. 30 http://www.pca.dfn.de/~kelm/
22527 Hamburg (Germany) Tel: +49 40 428 83-2262 / Fax: -2241
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
