Hello Kyle,
1) The terminal must have its own keypair (in AD, it's a preshared
machine password hash) which must be used to authenticate the
terminal.
In this example, are you referring to platform authentication or to an
attestation of the software stack loaded on the platform? What I mean b
Julien Pierre wrote:
There is no API to do this directly, but it's possible. However, it'll
take some work. Try the following :
1) read and backup the DER cert (or certs, if you have multiple with the
same subject name) from the DB . There is a "SECItem derCert" field in
the CERTCertificate str
Dennis Sinelnikov wrote:
Take a look at IBM's free KeyMan tool --
http://www.alphaworks.ibm.com/tech/keyman
I was able to accomplish what you want to do with this tool.
That worked...editing the P12 file. At first I was trying to open the
NSS db but it doesn't have the "Netscape" option acti
To get such an attestation to TLS, there are really two
authentications that must be done (and this is, btw, akin to the model
that MS Active Directory takes):
1) The terminal must have its own keypair (in AD, it's a preshared
machine password hash) which must be used to authenticate the
terminal
David,
Take a look at IBM's free KeyMan tool --
http://www.alphaworks.ibm.com/tech/keyman
I was able to accomplish what you want to do with this tool.
Regards,
Dennis
David Stutzman wrote:
I am importing into a certdb the contents of a p12 file using
pk12util. I am ending up with certific
>I think you'll find that the symbol whose name you mentioned
>(nssCKFWHash_Add) isn't listed in any .def file, and therefore is not
>actually exported despite the dllexport designation.
Hmm - seems bad form to have it marked dllexport in the header
if it's not what happens. :-(
Would there be any
David,
David Stutzman wrote:
I am importing into a certdb the contents of a p12 file using pk12util.
I am ending up with certificate nicknames that = the DN of the
certificates. I would like to change the nickname of some of these
certificates. I see there is no way to do this with certut
I am importing into a certdb the contents of a p12 file using pk12util.
I am ending up with certificate nicknames that = the DN of the
certificates. I would like to change the nickname of some of these
certificates. I see there is no way to do this with certutil and there
is no way to speci
Jim Spring wrote:
I am seeing mixed messages when I search google on this one. I haven't
had a chance to delve into the code yet. But, is Thunderbird capable of
retrieving SMIME certificates from an LDAP repository? If so, are there
any decent how-tos on this? I suspect, if it does work, it
Hi Anders,
Thanks for your reply.
As you say TPMs may be used in a bad way. It is really up to
the "market" to decide what to use TPMs for. This includes us
as well :)
I completely agree with you here. Especially since the TPM-enabled
technologies haven't been widely implemented yet into
Hi Peter,
Thanks for sharing this information with us.
As you say TPMs may be used in a bad way. It is really up to
the "market" to decide what to use TPMs for. This includes us
as well :)
If platform attestations will reach TLS or not is of course an interesting
topic and at this stage we can
Hello all,
I believe that TPM-generated platform attestation is a powerful mechanism
that can be used to augment user authentication, but it has its issues, some
of which were mentioned above:
- TPM attestation is based on attestation quotes which are digitally signed
attestation logs. Attestat