> Most CAs will have some requirements on the lengths of the public keys they
> will sign. Currently the CA has to manually check the key length once a
> certificate request arrives since "openssl ca" gives no indication about
> the key length. I think it would be a good idea if the CA could use the
> openssl.cnf to specify the minimum length so that the "ca" command
> automatically checks the incoming request against the configuration and
> rejects keys that are too short.
>
> Comments?

Hi Stefan,

Some comments: the key length is not the only thing I'd like to see. Before
certifying a key I would also like to see some sort of unique identifier
like the fingerprint of PGP keys. Also the algorithm used would be
useful. I can solve all this by scripting around openssl ca, but it would
be nicer to have it in the package.

That's something I think the current release of openssl lacks: simple means
of implementing verification procedures. But it works :)

Jan
--
alive=true
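
The kind of wrapper script discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: it checks a request's self-signature, public key algorithm and key length, and prints a SHA-256 fingerprint of the public key, so the result can gate a later `openssl ca` run. The names `check_csr` and `make_sample_csr` are hypothetical, and the script assumes the text layout printed by `openssl req -text` and `openssl pkey -text`.

```shell
#!/bin/sh
# Added example: pre-signing policy check for a PKCS#10 request.
# check_csr and make_sample_csr are hypothetical helper names.

# check_csr FILE MIN_BITS ALLOWED_ALGS
# Prints "algorithm bits spki-sha256" and returns 0 if the request passes;
# prints the reason on stderr and returns 1 if it must not be signed.
check_csr() {
    csr=$1; min_bits=$2; allowed=$3

    # The request must carry a valid self-signature (proof of possession).
    # Match the text because old releases exit 0 even when this fails.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "reject: bad self-signature" >&2; return 1; }

    alg=$(openssl req -in "$csr" -noout -text |
          sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    pub=$(openssl req -in "$csr" -noout -pubkey)
    bits=$(printf '%s\n' "$pub" | openssl pkey -pubin -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    # Fingerprint = SHA-256 over the DER SubjectPublicKeyInfo.
    fp=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
         openssl dgst -sha256 | sed 's/^.*= *//')

    case " $allowed " in
        *" $alg "*) ;;
        *) echo "reject: algorithm '$alg' not allowed" >&2; return 1 ;;
    esac
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] ||
        { echo "reject: $bits-bit key, minimum is $min_bits" >&2; return 1; }

    echo "$alg $bits $fp"
}

# Constructed sample input: a throwaway 2048-bit RSA request.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=constructed.example' \
        -keyout "$1/sample.key" -out "$1/sample.csr" 2>/dev/null
}
```

A signing wrapper would call `check_csr req.pem 2048 "rsaEncryption id-ecPublicKey"` and invoke `openssl ca` only when it returns 0, comparing the printed fingerprint with one obtained from the requester out of band.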