David Schwartz wrote:
> Michael Sierchio:
>
>> If it's your policy not to reuse keys, or allow their use beyond
>> the lifespan of the certificate, then the enforcement mechanism
>> for this MUST be in the CA.

>
> I completely disagree. If this were true, CA's would generate the private key as part of the certificate issuing process.


That doesn't follow. In any case, the only place where certificate issuing
policy can be enforced is the RA and/or CA. The rest of your argument is
just as specious, and I could make a career out of correcting your errors,
but you're determined not to learn.

- M
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org