|
|
On Sun, 18 Sep 2005, Mathias Sundman wrote: > On Sun, 18 Sep 2005, Alon Bar-Lev wrote: > > > On 9/18/05, Mathias Sundman <mathias@xxxxxxxxxx> wrote: > >> If I were to write the pkcs12 support now after this díscussion I'd > >> propably have made it like you say, but now when the feature (or security > >> issue as you look at it) already exists, it's a little harder to just > >> remove it. > > > > Will you make the change (--ca overrides the read of CA from the PKCS#12)? > > Yes, I can fix that, unless someone thinks that's a bad thing. I can't see > anything bad with it at least. James, any comments? Notwithstanding the issues of identity vs. trust, most people are using PKCS#12 as a kind of zip/archive file containing certs/keys. I'm not clear on what the argument is for why security would be affected by the way the files are packaged? James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |