I'm still not 100% on this but it seems that now that we can generate certs from the KDLs it might be useful to be able to do this from software. This won't be useful in a generic CA since these typically mint certs by evaluating a CSR and, provided the CSR satisfies some policy, copying attributes & extensions from the CSR to the cert. But it could be a way to share code across things that create specific certs like the dice-mfg and permslip. Or this could be a waste of time and the smart thing to do would be to just write that code directly and be done with it ...
I'm still not 100% on this but it seems that now that we can generate certs from the KDLs it might be useful to be able to do this from software. This won't be useful in a generic CA since these typically mint certs by evaluating a CSR and, provided the CSR satisfies some policy, copying attributes & extensions from the CSR to the cert. But it could be a way to share code across things that create specific certs like the
dice-mfg
andpermslip
. Or this could be a waste of time and the smart thing to do would be to just write that code directly and be done with it ...