Re: verifying peer identity during handshake

2008-05-22 Thread Rainer Gerhards
On May 23, 8:34 am, Rainer Gerhards <[EMAIL PROTECTED]> wrote: > On May 20, 10:38 pm, Badra <[EMAIL PROTECTED]> wrote: > [snip] > > > Fingerprint-based is not secure within TLS, not specified anywhere, and it > > is a hack. > > Well, it actually is (somewhat), right there in the PSK RFC, section >

Re: verifying peer identity during handshake

2008-05-22 Thread Rainer Gerhards
On May 20, 10:38 pm, Badra <[EMAIL PROTECTED]> wrote: [snip] > Fingerprint-based is not secure within TLS, not specified anywhere, and it > is a hack. Well, it actually is (somewhat), right there in the PSK RFC, section 1.1: If the main goal is to avoid Public-Key Infrastructures (PKIs),

Re: verifying peer identity during handshake

2008-05-22 Thread Rainer Gerhards
Hi Nelson, many thanks for your very useful reply. Comments inline... On May 22, 12:41 am, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Rainer Gerhards wrote, > > >>> [snip] I would like to authenticate > >>> remote peers via custom authentication laid out in the standard. This > >>> is fingerp

Re: verifying peer identity during handshake

2008-05-22 Thread Rainer Gerhards
On May 23, 12:39 am, Julien R Pierre - Sun Microsystems <[EMAIL PROTECTED]> wrote: > Nelson, > > Nelson B Bolyard wrote: > > >>> Right now there is no such callback available in NSS' libssl to do what > >>> you want. > > > Maybe I misunderstand the request, but I believe that libSSL offers exactly

Re: CA pending and included lists updated

2008-05-22 Thread Gen Kanai
On May 23, 2008, at 1:49 PM, Frank Hecker wrote: > I've updated the root CA certificate "pending" and "included" lists to > reflect all the new roots that got approved in time for Firefox 3 RC1: > >http://www.mozilla.org/projects/security/certs/pending/ >http://www.mozilla.org/projects/se

CA pending and included lists updated

2008-05-22 Thread Frank Hecker
I've updated the root CA certificate "pending" and "included" lists to reflect all the new roots that got approved in time for Firefox 3 RC1: http://www.mozilla.org/projects/security/certs/pending/ http://www.mozilla.org/projects/security/certs/included/ Some additional comments in relatio

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Frank Hecker
Nelson B Bolyard wrote: > It's pretty apparent that NONE of the people who have been responding to > you in this thread had any idea that you were affiliated with Mozilla. > I think this may be the first thread in which you've ever posted in this > list/newsgroup. Maybe you should introduce yourse

Re: Deutsche Telekom Root CA 2 inclusion into Firefox 3

2008-05-22 Thread Frank Hecker
rainer_k wrote: > Since several months a lot of people from German Universities and > research > institutes are waiting for inclusion of "Deutsche Telekom Root CA 2" > into > the Firefox built-in root certificates. Today I downloaded FF3 RC1 and > was > disappointed by not finding it there. Apparen

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Nelson B Bolyard
pascal wrote, On 2008-05-22 15:45: > Nelson B Bolyard wrote: > >>> and in the bug, they provided the information we were asking >> They did? That information was supplied in comment 8 by a third >> party, namely you. Are you an official representative of FNMT? >> If not, then I suggest that

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
pascal: Sure, here are the documents they have linked in their .doc explaining the audit and certificate policy: http://www.cert.fnmt.es/content/pages_std/docs/dpc.pdf http://www.cert.fnmt.es/content/pages_std/docs/ETSI.pdf Excellent, Pascal! Now the information above, together with all the

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread pascal
Eddy Nigg (StartCom Ltd.) wrote: > pascal: >> Yes, apparently this information did not cross the pool to the european >> office... >> >> > > :-) > > >> >> I'd say that all of these informations are provided into the 200 pages >> document provided by FNMT, > > Which document? Can you poi

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
Eddy Nigg (StartCom Ltd.): Buenas noches Excusez-moi, je voulais dire *bonne nuit*... ;-) Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: Join the Revolution! Phone: +1.213.341.0390

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
pascal: Yes, apparently this information did not cross the pool to the european office... :-) I'd say that all of these informations are provided into the 200 pages document provided by FNMT, Which document? Can you point me to a link? I haven't seen anything like this...perhaps if

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread pascal
Eddy Nigg (StartCom Ltd.) wrote: > pascal: >> >> I am a Mozilla Corp. employee and a Mozilla Europe board member, Gerv >> that they contacted by email is a Mozilla Foundation employee and has >> been visible as the mozilla CA guy in Europe for a long time. Are you >> telling me that Cristina

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Gen Kanai
On May 23, 2008, at 7:45 AM, pascal wrote: > Nelson B Bolyard wrote: > >> >>> and in the bug, they provided the information we were asking >> >> They did? That information was supplied in comment 8 by a third >> party, namely you. Are you an official representative of FNMT? >> If not, then I

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
pascal: I am a Mozilla Corp. employee and a Mozilla Europe board member, Gerv that they contacted by email is a Mozilla Foundation employee and has been visible as the mozilla CA guy in Europe for a long time. Are you telling me that Cristina not creating the attachment herself but asking for he

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread pascal
Nelson B Bolyard wrote: > >> and in the bug, they provided the information we were asking > > They did? That information was supplied in comment 8 by a third > party, namely you. Are you an official representative of FNMT? > If not, then I suggest that you step back, and make it clear to >

Re: verifying peer identity during handshake

2008-05-22 Thread Julien R Pierre - Sun Microsystems
Nelson, Nelson B Bolyard wrote: > >>> Right now there is no such callback available in NSS' libssl to do what >>> you want. > > Maybe I misunderstand the request, but I believe that libSSL offers exactly > what Rainer has requested. The way I read it, he wanted to do some "custom authentication

How to debug NSS code?

2008-05-22 Thread Júlio Maranhão
Hi! I have a bug in Thunderbird concerning NSS (PKCS #11 modulo interaction). The already used bugzilla to fill in the bug (unconfirmed). But I would like to do more: debug the code. I have VS 2005 + Win 2003 R2 SDK + mozilla-build My .mozconfig is: echo "# My first mozilla config" mk_add_opt

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Nelson B Bolyard
pascal chevrel wrote, on 2008-05-22 13:01 PDT: > Eddy Nigg (StartCom Ltd.) wrote: >> http://wiki.mozilla.org/CA:Root_Certificate_Requests > > This page was created in March, they provided all the data in February > based on the scarce documentation we could point them to. You can't > blame

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
Hi Pascal, I think it inherently useless to argue about it, better accept the current state as a fact that Mozilla is asking the CA to provide the needed information as advised. I'm reading the entries in the bug and nothing has been provided in February and I can only see the submission of th

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread pascal
Eddy Nigg (StartCom Ltd.) wrote: > Nukeador: >> Eddy Nigg (StartCom Ltd.) wrote: >>> >>> Please make FNMT or the individual CAs aware of this fact and ask >>> them to make a request for inclusion according to the guidelines from >>> here: http://wiki.mozilla.org/CA:Root_Certificate_Requests

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread pascal
Eddy Nigg (StartCom Ltd.) wrote: > Nukeador: >> Eddy Nigg (StartCom Ltd.) wrote: >>> >>> Please make FNMT or the individual CAs aware of this fact and ask >>> them to make a request for inclusion according to the guidelines from >>> here: http://wiki.mozilla.org/CA:Root_Certificate_Requests

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread pascal
Eddy Nigg (StartCom Ltd.) wrote: > Nukeador: >> Eddy Nigg (StartCom Ltd.) wrote: >>> >>> Please make FNMT or the individual CAs aware of this fact and ask >>> them to make a request for inclusion according to the guidelines from >>> here: http://wiki.mozilla.org/CA:Root_Certificate_Requests

Re: Deutsche Telekom Root CA 2 inclusion into Firefox 3

2008-05-22 Thread Nelson B Bolyard
Eddy Nigg (StartCom Ltd.) wrote, On 2008-05-22 01:09: > Nelson, the bug is always listed in the "Pending" page: > > https://bugzilla.mozilla.org/show_bug.cgi?id=378882 I didn't see any bug with the words "Deutsche Telekom" in the summary. I have now fixed that. -- 123456789012345678901234567

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Just for the better understanding, but there is no preferential > treatment for any type of certification authorities. The only exception > which has been made, was the recent adding of roots and acceptance of > CAs which issue extended validation (EV) certific

Re: Elliptic Curve Key Generation Parameter Names for StandardCurvesin JSS

2008-05-22 Thread mozilla
Thanks. Sounds like I the basic version. "Glen Beasley" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > mozilla wrote: > > Thanks. That helps. The referenced Java program implies that 192 and 224 > > are recognized values for the kpg initialize method. However, the program > > acce

Re: Elliptic Curve Key Generation Parameter Names for Standard Curvesin JSS

2008-05-22 Thread Glen Beasley
mozilla wrote: > Thanks. That helps. The referenced Java program implies that 192 and 224 > are recognized values for the kpg initialize method. However, the program > accepted the parameters to initialize but generated errors when attempting > to generate the keys. (The program worked for generat

Re: Elliptic Curve Key Generation Parameter Names for Standard Curvesin JSS

2008-05-22 Thread mozilla
Thanks. That helps. The referenced Java program implies that 192 and 224 are recognized values for the kpg initialize method. However, the program accepted the parameters to initialize but generated errors when attempting to generate the keys. (The program worked for generating pairs using 256, 38

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
pascal: Gen Kanai wrote: On May 22, 2008, at 4:46 PM, Nukeador wrote: You have to understand that it's a public CA, not a private enterprise, FNMT is part of the Treasury and Economy Department of Spain. FNMT is not the only public CA in the list. Nukeador is spe

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread pascal
Gen Kanai wrote: > On May 22, 2008, at 4:46 PM, Nukeador wrote: > >> You have to understand that it's a public CA, not a private >> enterprise, FNMT is part of the Treasury and Economy Department of >> Spain. > > FNMT is not the only public CA in the list. > Nukeador is speaking about the ca

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Gen Kanai
On May 22, 2008, at 4:46 PM, Nukeador wrote: > You have to understand that it's a public CA, not a private > enterprise, FNMT is part of the Treasury and Economy Department of > Spain. FNMT is not the only public CA in the list. See below: "Kamu Sertifikasyon Merkezi is the one government CA in

Re: Deutsche Telekom Root CA 2 inclusion into Firefox 3

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
Nelson Bolyard: rainer_k wrote, On 2008-05-18 08:57: http://www.mozilla.org/projects/security/certs/pending/#T-Systems What is the bugzilla bug number for that request? Nelson, the bug is always listed in the "Pending" page: https://bugzilla.mozilla.org/show_bug.cgi?id=378882 Rega

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Eddy Nigg (StartCom Ltd.)
Nukeador: I don't know the status of the other Spanish CA request, if they are complete I don't know why they are not approved yet, but this should not be a problem to include FNMT cert when they have uploaded all information in the correct way You are right! It's not a problem to start the

Re: Including FNMT cert in Firefox 3 (Spanish government)

2008-05-22 Thread Nukeador
I understand your point, but this request has nothing to do with the personal certificates or electronic identity document (e-DNI) which is the only official way to identify a person in Spain. The problem is that all official and public pages in ALL regions use this certificate when they serv