On Fri, Apr 01, 2005 at 12:49:50PM -0800, Chris Adams wrote:
On Apr 1, 2005, at 12:10 PM, Henrique de Moraes Holschuh wrote:On Fri, 01 Apr 2005, martin f krafft wrote:... and you need a passphrase to decode the key -- or at least you *should* need one.Better not count on it when dealing with users.That's what I meant by the two approaches being equal from a policy perspective - you're going to have to audit either way.
And you audit that how? By having your users send their private keys to you? Mike Stone