Re: ARGE DATEN Root Certificate Inclusion Request

2007-07-17 Thread Nelson Bolyard
Eddy Nigg (StartCom Ltd.) wrote: > According to Mozilla CA policy > http://www.mozilla.org/projects/security/certs/policy/ section 4: > > "...might cause technical problems with the operation of our software, > for example, with CAs that issue certificates that have..." > "...duplicate issuer name

Re: ARGE DATEN Root Certificate Inclusion Request

2007-07-17 Thread Eddy Nigg (StartCom Ltd.)
According to Mozilla CA policy http://www.mozilla.org/projects/security/certs/policy/ section 4: "...might cause technical problems with the operation of our software, for example, with CAs that issue certificates that have..." "...duplicate issuer names and serial numbers" Now I'm not sure if

Re: Private key control access

2007-07-17 Thread Wan-Teh Chang
[EMAIL PROTECTED] wrote: > Hello, > > I'm using NNS's PKCS#11 module, softokn3.dll, to access Mozilla - > Firefox - Netscape certificate store. > > I'd like to know if it is possible to control the access of each > private key by asking the PIN of the certificate in use. > I've only managed to se

Re: SSL Error Pages in Firefox 3

2007-07-17 Thread Eddy Nigg (StartCom Ltd.)
Hi Johnathan, Under http://wiki.mozilla.org/Security:SSLErrorPages#Motivations_.26_Objections (Motivations & Objections) goes into the issue: "to object to the idea that Mozilla "force" them to pay for a CA-validated certificate" Allow me to point out that the StartCom CA[1] is issuing _free_

SSL Error Pages in Firefox 3

2007-07-17 Thread Johnathan Nightingale
Hi folks, I wanted to bring up some changes we are making to how Firefox handles SSL with certificates of unknown provenance (self-signed, expired, untrusted CA, domain mismatch). I've documented the details in the wiki here: http://wiki.mozilla.org/Security:SSLErrorPages which, in turn,

Re: ARGE DATEN Root Certificate Inclusion Request

2007-07-17 Thread Eddy Nigg (StartCom Ltd.)
1.) We need general information about which verifications and audits RTR performs (if at all). This might affect all CA inclusion requests based on RTR as auditor. According to RTR and the Austrian Signature Act, merely registration (i.e. notification to RTR) doesn't have any meaning beyond tha

Re: Enhancing security of extension by signing them

2007-07-17 Thread Eddy Nigg (StartCom Ltd.)
Hi Jean-Marc, Jean-Marc Desperrier wrote: > Eddy Nigg (StartCom Ltd.) wrote: >> Really? Why is that? Personally I tend to trust individuals more then >> "companies" which can come and go within a matter of days! >> > > > But if you can not do a face to face meeting, they are usually very few

Private key control access

2007-07-17 Thread keat . chan
Hello, I'm using NNS's PKCS#11 module, softokn3.dll, to access Mozilla - Firefox - Netscape certificate store. I'd like to know if it is possible to control the access of each private key by asking the PIN of the certificate in use. I've only managed to set a store PIN which is shared by every ce