Re: Proposal for improving the security of add-on updates

2007-06-17 Thread Nelson B
Eddy Nigg (StartCom Ltd.) wrote:
> Which means that at least 60 % of all clients don't support it yet. It's
> not there yet and it will take some time until real hosting providers
> can rely on that and deploy without fear...just imagine supporting only
> 40% of all clients/browsers ;-)

That's 40

Re: Proposal for improving the security of add-on updates

2007-06-17 Thread Eddy Nigg (StartCom Ltd.)
Hi Nelson, Nelson B wrote: Well, then let me introduce you to "Server Name Indication" (SNI). It's SSL on port 443 (could be any port, such as the port for IMAP-over-SSL, that negotiates SSL before starting the application protocol [http, IMAP, etc.]). Right, but on the server side it's not

Re: Proposal for improving the security of add-on updates

2007-06-17 Thread Nelson B
I wrote:
>>> There is no unique IP address required any more. Modern TLS implementations
>>> like the one in Mozilla products, allow the client and server to negotiate
>>> the host name over the SSL connection, before the server presents its cert,
>>> So that the server can pick the right cert.

I

Re: Enumerating all certs in FF using Java

2007-06-17 Thread Anders Rundgren
Thank you Nelson! I think you got the big picture of my app quite well. Will try JSS and see if that is what I'm looking for. BTW, the app is WASP that is now hopefully going to be realized as a native browser implementation. If I'm extremely lucky I may only have to use XUL, JS and Java but I'm

Re: Proposal for improving the security of add-on updates

2007-06-17 Thread Eddy Nigg (StartCom Ltd.)
Dave Townsend wrote: Nelson B wrote: There is no unique IP address required any more. Modern TLS implementations like the one in Mozilla products, allow the client and server to negotiate the host name over the SSL connection, before the server presents its cert, So that the server can pick

Re: Proposal for improving the security of add-on updates

2007-06-17 Thread Dave Townsend
Nelson B wrote:
> There is no unique IP address required any more. Modern TLS implementations
> like the one in Mozilla products, allow the client and server to negotiate
> the host name over the SSL connection, before the server presents its cert,
> So that the server can pick the right cert.

It

Re: Proposal for improving the security of add-on updates

2007-06-17 Thread Nelson B
Dave Townsend wrote:
> Nelson B wrote:
>> Dave Townsend wrote:
>>> Nelson Bolyard wrote:
>>>> $18/year is too expensive, eh?
>>> Heh, this is true. My attempts to find cheap SSL certificates had only
>>> yielded $100/per year jobs. Given that they are not that expensive I
>>> have started doing a s

Re: Proposal for improving the security of add-on updates

2007-06-17 Thread Dave Townsend
Nelson B wrote:
> Dave Townsend wrote:
>> Nelson Bolyard wrote:
>>> $18/year is too expensive, eh?
>> Heh, this is true. My attempts to find cheap SSL certificates had only
>> yielded $100/per year jobs. Given that they are not that expensive I
>> have started doing a straw poll of authors to see