6 Nov
2009
6 Nov
'09
10:44 a.m.
Zitat von Martijn Brinkers <martijn(a)djigzo.com>om>:
lst_hoe02(a)kwsoft.de wrote:
Ah, okay...
The end user certificates are used to sign/encrypt/decrypt and can be
assigned to users the and intermediate CAs should be handeled like the
root CA, so it is a "sort-by-function" thing...
Would it be acceptable to only store "trusted" intermediate CAs for
which we have a root CA and store them along with the roots??
The system need to make a distinction between roots and non-roots. Djigzo is designed to make it scale to large numbers
of certificates (it
has been tested with more than 40.000 certificates). To make it scalable
the roots need to be stored separately. That however doesn't mean you
can visually show it differently to the user. I however like the roots
the be separately shown because whether you trust a root or not is
extremely important.
Yes, but it is useful to seperate "user" certs from CAs either to find
missing pieces in the CA path for example.
What perhaps can add is a filter that allows you to
filter on
intermediate certificates or end-user certificates. When selecting an
encryption certificate for a user only end-user certificates are shown
by default.
As said it is more the "sort-by-function" approach which lead to the
question. I have learned to think in certificates and trust-chain
where root-Ca and intermediate CA belong together. I can cope with it
if it is technical needed but a sorting eg. for don't show anything
with CA=true or only show CA=true would by nice to have.
Regards
Andreas