Boris Zbarsky schrieb:
> Kai Engert wrote:
>> nsIX509Cert expects the underlying CERTCertificate to be complete and
>> valid, and serializing/restoring it based on the DER representation
>> will ensure it.
>
> The message I got from Nelson's reply is that the DER representation
> doesn't actual
Kai Engert wrote:
> nsIX509Cert expects the underlying CERTCertificate to be complete and
> valid, and serializing/restoring it based on the DER representation will
> ensure it.
The message I got from Nelson's reply is that the DER representation doesn't
actually capture everything about the CE
Boris Zbarsky schrieb:
> I'm not sure what parts of the CERTCertificate are needed for this; I'm
> hoping
> someone here will know.
>
I would propose you always save the full CERTCertificate.
I would prefer that we avoid having to implement special code for an
after-restore scenario where o
Jean-Marc Desperrier wrote:
> But I'd like to point out I'm not the only who is doubtful about the
> real level of authentication current commercial CA provide for code
> signing certificate.
>
> See this SyScan'07 presentation :
> http://www.symantec.com/avcenter/reference/attack.surface.analy
Yahel Zamir wrote:
>
> OK... Since my application does not use PRThread's I guess should
> obtain the PRThread id of the Read thread and the Write thread (using
> PR_GetCurrentThread), and then we can interrupt each thread by calling
> PR_Interrupt. As a result, both blocking calls will return an e
Nelson B wrote:
> If all you need is to serialize the certificate itself, just copy the
> DER certificate. If you need any other those other things, then ...
> it's less clear how to do that.
Let me explain more about my use cases. What I am actually working on is
serializing nsPrincipal object
I apologise for the delay in looking at this.
Eddy Nigg (StartCom Ltd.) wrote:
> 2.) The links under section documents point to various CA policies and
> practices:
With the exception of question 1, which you have already addressed,
these are all good questions. Thank you very much for taking t
Jean-Marc Desperrier wrote:
> But I'd like to point out I'm not the only who is doubtful about the
> real level of authentication current commercial CA provide for code
> signing certificate.
No. I also have my doubts in this area. That's one reason I think EV is
important.
> - grev : "barrier
Boris Zbarsky wrote:
> I'm looking into serializing and deserializing principals, and to do this
> for certificate principals I would need to be able to save out an
> nsNSSCertificate. This means saving a CERTCertificate, in addition to
> various other things that I think I know how to save out.
>
9 matches
Mail list logo
