Arshad Noor wrote, On 2008-02-06 06:38:
> The issue isn't with certificates; it is with private keys.
Arshad,
I think e.kabarie is concerned with attacks that would inject bogus CA
certs into the client's cert DB and mark them as trusted.
E.Kabarie:
The difficulty with your problem statement is
> The issue isn't with certificates; it is with private keys.
I disagree with you...What if somebody deleted the private key from
key3.db and its associated certificate entry in cert8.db??? Then added
his own thing and went around playing with it...???
> You are right that private keys stored in
Erez wrote:
> How can I download Netscape PKCS #11 Test Suite source code?
>
No. There is a status summary explaining why on the Netscape PKCS#11
test suite page.
http://www.mozilla.org/projects/security/pki/pkcs11/netscape/
* Tools: The tools regress, reporter, and replacer have yet to
The issue isn't with certificates; it is with private keys.
You are right that private keys stored in files and protected
by passwords can be attacked with dictionary attacks, rainbow
tables, guessing, etc. The traditional counter-measure is to
store the private-key in a FIPS 140-2 Level 2/3 cert
Hi all!!!
I'm developing a client-server application in which I wish to make the
certificate database on the client side discreet... I'm skeptical of
leaving the cert8.db, secmod.db, and key3.db accessible to all &
sundry... Makes it vulnerable to getting hacked... I fully understand
that the file