Re: PSM:CertPrompt

2007-09-10 Thread Anders Rundgren
The long-term most reasonable solution is to adopt Microsoft's CardSpace's notation. X.509 certificates can easily be made into virtual InfoCards. Anders

Re: PSM:CertPrompt

2007-09-10 Thread Eddy Nigg (StartCom Ltd.)
Robert Relyea wrote: > This is a side effect of the Mozilla/Firefox cert selection criteria. > Only valid certs that chain to a CA that is trusted by the Server (as > indicated by the Client auth CA list) is included. One of the changes > in my suggestions would be to include certs don't fit our

Re: PSM:CertPrompt

2007-09-10 Thread Robert Relyea
Eddy Nigg (StartCom Ltd.) wrote: A few additional comments to make that clearer: Eddy Nigg (StartCom Ltd.) wrote: I noticed, that in the first section under "IE Current Usage", it says that IE will _always_ use that certificate (or lack of certificate) for that site. Only in the second part th

Re: hardware security module storing x509 client cert: mozilla code for loging into subversion

2007-09-10 Thread Robert Relyea
Nelson Bolyard wrote: rupert thurner wrote: we noticed that the support for hardware security modules (smartcards) storing ssl client certificates in mozilla/firefox is quite good. is it possible to somehow reuse this for serf to provide x509 client certificate login for subversion, via the

Re: hardware security module storing x509 client cert: mozilla code for loging into subversion

2007-09-10 Thread Robert Relyea
Rob Crittenden wrote: Eddy Nigg (StartCom Ltd.) wrote: Nelson Bolyard wrote: Does serf use "modSSL"? If so, there is a "modNSS" that causes Apache to use NSS instead of OpenSSL. That might be an easy change for you. Nelson, what about the env variables as in http://httpd.a

Re: hardware security module storing x509 client cert: mozilla code for loging into subversion

2007-09-10 Thread Eddy Nigg (StartCom Ltd.)
Rob Crittenden wrote: > Yes, mod_nss supports the same environment variables as mod_ssl. > http://directory.fedoraproject.org/wiki/Mod_nss > I couldn't figure (explicit) from that page that this is the case > Normally mod_nss will not let you start Apache with a bad certificate > (expired,

Re: hardware security module storing x509 client cert: mozilla code for loging into subversion

2007-09-10 Thread Rob Crittenden
Eddy Nigg (StartCom Ltd.) wrote: > Nelson Bolyard wrote: >> >> Does serf use "modSSL"? If so, there is a "modNSS" that causes Apache to >> use NSS instead of OpenSSL. That might be an easy change for you. >> >> > Nelson, what about the env variables as in > http://httpd.apache.org/docs/2.0/mo

Re: hardware security module storing x509 client cert: mozilla code for loging into subversion

2007-09-10 Thread Eddy Nigg (StartCom Ltd.)
Nelson Bolyard wrote: > > Does serf use "modSSL"? If so, there is a "modNSS" that causes Apache to > use NSS instead of OpenSSL. That might be an easy change for you. > > Nelson, what about the env variables as in http://httpd.apache.org/docs/2.0/mod/mod_ssl.html Does mod_nss support the same

Unable to verify digital signature between Microsoft Cryptography and OpenSSL

2007-09-10 Thread pbwebguy
I am working on a project where I need to verify the signature of a SAML 1.1 POST response using OpenSSL on Linux in PHP. I have followed the XML Signature Spec to a 't' and everything works until the very last test which is to validate the signature of SignatureInfo against the SignatureValue. H

Re: [Full-disclosure] Firefox 2.0.x: tracking unsuspecting users using TLS client certificates

2007-09-10 Thread niclas
> ... I realised that you can do something with Firefox 2.0.x that > you could not do with Firefox 1.5.x: track an unsuspecting user > using TLS client certificates. this is not new. in a way it has been in the apache documentation for years. it's simple, and it's very bad: a) firefox does not ask