Shibboleth Developers

[Scott Cantor <>]

>  So Larry wrote one that ignores the key-usage errors (see 
> keyserver.c in the pubcookie src, or I can forward). 

I know where the source is, I can take a look.

> Obviously this would be a change to mod_ssl, hence 
> unattractive.  I don't see any mod_ssl knobs about this.  And 
> adding a hack to do something that's now explicitly 
> prohibited by the RFC doesn't make for sleeping comfortably.

That's where I'm at. It's doubly not good.

CREN would be nice as an alternative, but I can't seem to get clear
what/if they're charging for the new direct server cert service.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--