sherwin Lu said:

> The only reason to put the CA on another machine is
> security. Of course, the only reason to use a CA is
> security.
>
> If possible, I would suggest you leave the CA off
> the network when not in use. Even better is to
> transfer the CSR and certificates back and forth on
> floppy and not even put the CA on a network.
>
> In the Enterprise, the root CA is stored on
> persistent storage inside a safe (physically locked
> away) and a 1st level CA delegated by the root level
> CA actually signs certificates. This makes recovery
> simpler if the 1st level CA gets compromised. Don't
> bother with this if you're not going to sign many
> certificates.

Oh OK that makes great sense. Thanks for the information!

=====
/dev/idal
"GNU/Linux is free freedom" --Me
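
The two-tier layout described in the quoted message, as an added example that is not part of the original thread: an offline root signs a 1st-level CA, and only CSRs and certificates move between the two sides. It assumes the OpenSSL command-line tool; the `offline/` and `online/` directories, subject names, validity periods and function names are all constructed for illustration.

```shell
# Added example: offline root CA plus an online 1st-level CA (constructed names).
set -eu
new_key_csr() {   # $1 = file prefix, $2 = subject CN
    openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
    openssl req -new -key "$1.key" -subj "/CN=$2" -out "$1.csr"
}

sign() {          # $1 = CSR prefix, $2 = issuer prefix, $3 = ext section, $4 = days
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
        -sha256 -days "$4" -extfile "$EXT" -extensions "$3" -out "$1.crt" 2>/dev/null
}

issue_sub_ca() {  # $1 = work dir, $2 = name; only CSR and certificate cross the air gap
    new_key_csr "$1/online/$2" "Example Issuing CA $2"
    cp "$1/online/$2.csr" "$1/offline/"               # carry the CSR to the root
    sign "$1/offline/$2" "$1/offline/root" sub_ca 1825
    cp "$1/offline/$2.crt" "$1/online/"               # carry the certificate back
}

build_pki() {     # $1 = work dir; offline/ stands in for the machine kept in the safe
    mkdir -p "$1/offline" "$1/online"; EXT="$1/ext.cnf"
    cat > "$EXT" <<'EOF'
[root_ca]
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
[sub_ca]
basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign
[leaf]
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature
EOF
    new_key_csr "$1/offline/root" "Example Root CA"
    openssl x509 -req -in "$1/offline/root.csr" -signkey "$1/offline/root.key" -sha256 \
        -days 3650 -extfile "$EXT" -extensions root_ca -out "$1/offline/root.crt" 2>/dev/null
    cp "$1/offline/root.crt" "$1/online/"             # public certificate only
    issue_sub_ca "$1" sub1
}

issue_leaf() {    # $1 = work dir, $2 = issuing CA name, $3 = leaf name
    new_key_csr "$1/online/$3" "$3.example.test"
    sign "$1/online/$3" "$1/online/$2" leaf 365
}
verify_leaf() {   # $1 = work dir, $2 = issuing CA name, $3 = leaf name
    openssl verify -CAfile "$1/online/root.crt" -untrusted "$1/online/$2.crt" \
        "$1/online/$3.crt" >/dev/null 2>&1
}
work=$(mktemp -d); build_pki "$work"; issue_leaf "$work" sub1 www
verify_leaf "$work" sub1 www && echo "www chains to the root via sub1"
```

Calling `issue_sub_ca "$work" sub2` afterwards models the recovery case: the root issues a replacement 1st-level CA while relying parties keep trusting the same `root.crt`.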