Re: Alternative of cryptogen for Prod


Jean-Gaël Dominé <jgdomine@...>
 

Hi Hakan

For the 2), you have several options: 
a) The CA generates self-signed certificate and key
b) you provide them to the CA (manually or HSM)
So the CA does create the root certificate if you want him to.

As for the 1), I agree that it is encoded in the genesis block but how can two organizations trust each other if you use self-signed certificates that you cannot verify by a public certification authority?
To me it is not because the Fabric network runs correctly and trusts everything happening in it that it makes a trustworthy Hyperledger blockchain. You need to be sure that the participants are who they pretend to be and to me this is not possible through the use of cryptogen.

But again this is my understanding of Hyperledger Fabric

Regards,

JG

Join fabric@lists.hyperledger.org to automatically receive all group messages.