Nelson Bolyard:
> Frank Hecker wrote:
>
>> Benjamin Smedberg wrote:
>>
>>> At the time, I believe I counter-proposed that the government
>>> certificate in question should be trusted to validate the identity of
>>> sites within that country: i.e. a Korean government CA would have a
>>> "lim
Anders Rundgren wrote:
> on the URL http://demo.webpki.org/mozkeygen
> you can get yourself a certificate by clicking a single button.
>
> What is a bit hard to understand is why the test-service at
> https://www.apache-ssl.org/cgi/cert-export
> often (but not always!) asks the user multiple times
Anders Rundgren wrote:
> I want people to finally realize that signed and encrypted e-mail has a
> much more limited scope than originally envisioned and there is
> no policy or technical solution that can change that. Due to the
> limited scope of S/MIME the problems associated with CAs do
> not
Frank Hecker wrote:
> Benjamin Smedberg wrote:
>> At the time, I believe I counter-proposed that the government
>> certificate in question should be trusted to validate the identity of
>> sites within that country: i.e. a Korean government CA would have a
>> "limited" root which could only verify t
Mert Özarar (TÜRKTRUST) wrote:
> I have a simple question to you but I could not find easily the answer with
> Internet search. I am working for a CA in Turkey (namely, TURKTRUST) and we
> are applying root certificate program for major vendors and browsers. We are
> currently added into Mozilla an
Anders Rundgren wrote:
> Thank you Nelson, it worked!
>
> Regarding Robert's "signature facility": his e-mail client creates signatures
> that renders his messages unreadable in many forums as well as in Outlook
> Express.
Oh, when you previously wrote "form archives" you meant "forum archives".
Thanx Robert,
I think this motivates me to continue with the WebAuth standards
proposal which unlike TLS client certificate authentication builds on
web session state which works better for users, browser implementers,
and web-service developers. It doesn't come as a surprise that
Microsoft shelv
Anders Rundgren wrote:
on the URL http://demo.webpki.org/mozkeygen
you can get yourself a certificate by clicking a single button.
What is a bit hard to understand is why the test-service at
https://www.apache-ssl.org/cgi/cert-export
often (but not always!) asks the user multiple times to OK the
Kyle Hamilton:
> On Tue, Apr 1, 2008 at 11:15 AM, Frank Hecker
> <[EMAIL PROTECTED]> wrote:
>
>> In the thawte case you cite, thawte changed its practices to start
>> issuing DV certs from a CA hierarchy not previously used for that, but
>> its practices were still within boundaries outlined
Frank Hecker:
> This brings up a point that was implied by my previous comments in
> response to Eddy, but that I want to make explicit:
>
> IMO the reason why we have a CA policy is *not* because the Mozilla
> Foundation wants to be or needs to be the "CA police", tracking down and
> punishing
Anders Rundgren:
> on the URL http://demo.webpki.org/mozkeygen
> you can get yourself a certificate by clicking a single button.
>
> What is a bit hard to understand is why the test-service at
> https://www.apache-ssl.org/cgi/cert-export
> often (but not always!) asks the user multiple times to OK
On Tue, Apr 1, 2008 at 11:15 AM, Frank Hecker
<[EMAIL PROTECTED]> wrote:
>
> In the thawte case you cite, thawte changed its practices to start
> issuing DV certs from a CA hierarchy not previously used for that, but
> its practices were still within boundaries outlined in our policy (which
> d
on the URL http://demo.webpki.org/mozkeygen
you can get yourself a certificate by clicking a single button.
What is a bit hard to understand is why the test-service at
https://www.apache-ssl.org/cgi/cert-export
often (but not always!) asks the user multiple times to OK the
certificate selection di
Kyle Hamilton wrote:
> What do I want?
>
> I want a use-case which expresses why the certificate validation
> policies (as implemented by NSS) must be so draconian.
>
> I want a use-case which expresses, clearly, why certificate validation
> problems have to be modal and completely disrupt the us
Hi folks,
I've been trying to use the JSS APIs to encrypt and decrypt data using
an RSA Cipher but I keep getting an InvalidKeyException. Invalid key
type: org.mozilla.jss.pkcs11.PK11RSAPublicKey.
I have a sample that works with our own JCE provider and the JCE
provider from Bouncy Castle. I've
Benjamin Smedberg wrote:
> At the time, I believe I counter-proposed that the government
> certificate in question should be trusted to validate the identity of
> sites within that country: i.e. a Korean government CA would have a
> "limited" root which could only verify the identity of sites wi
Lately I've been busy exploring various CP/CPS of different CAs which
started with the inclusion and update request of Comodo. I searched for
more incidents where CAs issue domain validated wild card certificates
and domain validated certificates with validities for ten years. I was
pointed to
17 matches
Mail list logo
