I think that a part of Mozilla's acceptance policy should be the CA
providing copies of certificates for technical validation, as well as
the more political validation method which we've dealt with up to this
point.
-Kyle H
On 8/4/06, Frank Hecker <[EMAIL PROTECTED]> wrote:
Frank Hecker wrote:
I will be out of the office starting 08/04/2006 and will not return until
08/15/2006.
I will be out of the office from August 4th and will return on August 15th.
Regards,
Mario
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://
Frank Hecker wrote:
Nelson B wrote:
Frank Hecker wrote:
In looking at Geotrust's request to add more root CA certs (bug
294916) I happened to notice that Geotrust offers a somewhat similar
service, [snip]
From the product description it appears that one domain goes in the
CN attribute and th
Chris,
Below is comment from Nelson Bolyard of the NSS team regarding
Geotrust's Power Server ID certificates. Could you clarify how Geotrust
is implementing these certificates (i.e., in terms of using CN vs.
SubjectAltName)? You may in fact be doing the conformant thing, and I've
misinterpre
Nelson B wrote:
Frank Hecker wrote:
In looking at Geotrust's request to add more root CA certs (bug 294916)
I happened to notice that Geotrust offers a somewhat similar service,
[snip]
From the product description it appears that one domain
goes in the CN attribute and the rest in SubjectAltN
Arshad Noor wrote:
Yes, we chose not to use JSS directly for a couple of reasons:
1) The JSS interface does not map closely to the JCE in J2SE5
and required us to write JSS-specific code. This was
something we wanted to avoid, to keep our focus above the
abstraction layer provided by
Frank Hecker wrote:
> In looking at Geotrust's request to add more root CA certs (bug 294916)
> I happened to notice that Geotrust offers a somewhat similar service,
> [snip]
> From the product description it appears that one domain
> goes in the CN attribute and the rest in SubjectAltName.
Th
Arshad Noor wrote:
> StrongAuth, Inc., the company I am affiliated with, has just announced
> the availability of StrongKey(tm), a software product that can be used
> to centrally manage symmetric keys for an enterprise.
> The reason for my posting this message in this forum is that StrongKey
>
As I noted in an earlier message, Geotrust has applied to have three
more root CA certificates added; this is basically to support a
multi-year migration away from their current Equifax root certs. See bug
294916 for details:
http://bugzilla.mozilla.org/show_bug.cgi?id=294916
This is a strai
Frank Hecker wrote:
Someone brought to my attention today that Go Daddy is now offering a
"6-in-1" SSL certificate where they allow you to associate multiple
domain names from different TLDs with a single certificate:
https://www.godaddy.com/gdshop/whatsnew/landing.asp?se=%2B&app%5Fhdr=&ci=463
Wan-Teh Chang wrote:
This bug seems to have been introduced in NSS 3.4. (The core of
the NSS certificate handling code was rewritten in NSS 3.4.) In
NSS 3.3.2, PK11_ImportCert has the following code:
if(includeTrust && PK11_IsInternal(slot)) {
attrs++;
certUsage = (SECCert
David Stutzman wrote:
PK11_ImportCert has the following signature:
SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust)
Looking at the implementation in
nss-3.11.2/mozilla/security/nss/lib/pk11wrap/pk11cert.c, line 7
PK11_ImportCert has the following signature:
SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust)
Looking at the implementation in
nss-3.11.2/mozilla/security/nss/lib/pk11wrap/pk11cert.c, line 790, I
don't see "i
13 matches
Mail list logo
