An interesting question. Should it be PGP-signed? Well, since it's an
X.509-based system, that wouldn't look great. And if it's signed with
an X.509 cert, you can only verify with an outside source, and how many
folks have convenient access to software that can do that? Of course,
it can't be the openssl you just downloaded, since that could be
buggered up...
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
