Subject: Re: adding gpg to src/gnu/dist
To: None <tech-userlevel@NetBSD.org, tech-security@NetBSD.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 05/13/2004 16:05:38

>>>>> "Simon" == Simon J Gerraty <sjg@crufty.net> writes:
    Simon> That may sound like a lot of mucking about - especially
    Simon> compared to the peer to peer model of GPG or SSH, but it has
    Simon> advantages in terms of scalability (which are perhaps not
    Simon> particularly important here).

  Frankly, you said it all here.

  If this is the only advantage, I don't think the complexity of the
"OpenSSL" is worth it.  As many have said, the "openssl" binary is
particularly poorly suited to actually doing anything with the library.
  If the code is built into pkg_* - i.e. we are using libssl, not
"openssl", great. Openssl is too hard to script.

  Otherwise, I suggest using simpleca (http://www.vpnc.org/simpleca/ )
or sticking with GnuPG, as sucky as I think GnuPG is.
  
--
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [