Hey,
I did :
[EMAIL PROTECTED] bin]# ./signver -s ./signature -d ~/.mozilla/firefox/
3y9snp1l.totallynew/ -i ./data -v -V
signver: function failed: An I/O error occurred during security
authorization
Now I am totally in the dark as to the reason for this error . I
wouldn't mind a signature veri
Gervase Markham wrote:
> My definition of a "sucky" code signing cert is one in which the
> information inside about the owner of the cert isn't accurate.
It's a bad definition of a "sucky" code signing certificate.
You don't care *who* the owner of the cert is. What you care about is if
he int
On 6/24/2007 8:49 PM, Justin Dolske wrote [in part]:
> David E. Ross wrote [also in part]:
>> I much more favor providing both the target file and a separate file
>> containing the hash, as is done on the Mozilla FTP site.
>
> And how do you verify the contents of the hash file? Another hash file?
dev wrote:
> Thats the thing I got the private cert from cacert.org , I don't
> know where the security db is or where it should be etc. I can only
> just export my private cert as a pkcs12 file , not the cert db.
> Any ideas how I can get the cert db? or what I should do ?
If you used Fire
Justin Dolske wrote:
> David E. Ross wrote:
>
>
>> For example, a hash mismatch would cause the downloaded file to be
>> deleted. Also a misformed hash would block downloading. Both of these
>> create denial-of-service opportunities; all a hacker has to do is alter
>> the hash in the anchor (
Hey,
>
> It needs to know where your security database is (secmod.db, key3.db,
> cert8.db) with the -d option. All mozilla tools assume it's in
> ~/.netscape or something similar by default. Since almost no one stores
> their credentials there get used to using the -d (or -dbdir for modutil)
> op
Nelson B wrote:
> Unless the page that contains that link is an https page, to substitute a
> trojan, an attacker need only substitute his own URL for the original
> page's URL while the page is in transit. A proxy server is a perfect
> place to perform such an MITM attack. Http pages with login
David E. Ross wrote:
> The page also proposes some implementation details that are troublesome.
> For example, a hash mismatch would cause the downloaded file to be
> deleted. Also a misformed hash would block downloading. Both of these
> create denial-of-service opportunities; all a hacker has
Arrakis wrote:
> Why not use digital certificates provided by CACert. They are free, and
> have high levels of assurity, as opposed to a CAs like Verisign that
> have little to no assurity, and charge a ransom.
Because CAcert have not applied for inclusion into (and therefore,
obviously, not been
9 matches
Mail list logo
