On 11/06/09 08:39, Simo Sorce wrote: > On Fri, 2009-11-06 at 08:21 -0800, Andrew Wnuk wrote: > >> Some of this random stuff could be filtered on the client side before >> CSR is generated. >> > You can't trust the client, period. > > Simo. > > > Yes but that should not stop the client from verification of its inputs. Andrew