Re: Problems importing pkcs12 keystore to NSS

2008-06-04 Thread Nelson B Bolyard
Yevgeniy Gubenko wrote: > You were right about the absence of a certificate in generated with JKS > format client.private file. But unfortunately, attempt to generate the > self-signed certificate for the keystore, then converting it to PKCS12 > format (client.privatepkcs12) and finally, import

Re: Entrust EV request

2008-06-04 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Does the document http://www.entrust.net/CPS/pdf/webcps051404.pdf not > apply for this root and if so how do you know about it? Per Entrust, at present this root has only one subordinate CA, the "Entrust Certification Authority - L1A" used to issue EV certifica

Re: Entrust EV request

2008-06-04 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: (NOTE: This has nothing to do with Entrust legacy roots in NSS, and nothing to do with Entrust cross-signing of other CA's roots. AFAICT this root is used only for Entrust EV certificates. In bug 416544 Entrust has also requested EV status for its legacy roots, but I'm handling that

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Paul Hoffman
At 12:45 PM +0100 6/4/08, Rob Stradling wrote: >For those 1024-bit RSA Root Certificates that are *already included* in >Mozilla software, I think that a distinction should be drawn between: > A. Those that expire before NIST's 2010 deadline. > B. Those that expire soon after 2010. > C. Those

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Paul Hoffman
At 10:14 AM +0100 6/4/08, Gervase Markham wrote: >Paul Hoffman wrote: >> Proposal: >> a) Starting January 1 2009, all new CA roots must be 2048 bit RSA or 256 >> bit EC. > >Why January 1 2009 particularly? No big reason. It gives us six months to agree. If we take longer, just add months to th

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Nelson B Bolyard
Rob Stradling wrote, On 2008-06-04 04:45: > 2. Give each affected CA the opportunity to submit a replacement 1024-bit > RSA Root Certificate for inclusion in new versions of Mozilla software. Each > of these replacement Root Certificates would exactly match the to-be-removed > Root Certific

Entrust EV request

2008-06-04 Thread Frank Hecker
I've been looking at a request from Entrust (bug 416544) to (among other things) have its new Entrust Root Certification Authority root enabled for EV. This is a new Entrust root that was approved for inclusion last year by Gerv (bug 382352) and subsequently added to NSS (bug 387892). (NOTE: Th

Debian Weak Key Problem

2008-06-04 Thread Gervase Markham
[Please respect the Followup-To header, set to mozilla.dev.security] Many of you will know about the problem with weak keys generated on Debian or Debian-derivative systems between certain dates.[0] This affects SSL certificates generated on those systems. CAs trusted by Firefox have signed, and t

Re: Cannot encrypt cipher via pkcs11 in nss fips mode

2008-06-04 Thread Glen Beasley
Hello, Your chosen set of operations to be performed is: "DESede/CBC/NoPadding" DESede is a block cipher and operates on 8-byte blocks. Thus, input to DESede Cipher with CBC mode and "NoPadding" scheme should be in multiples of 8 bytes for the encryption/decryption to succeed. I was able to ge

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Michael Ströder
Kyle Hamilton wrote: > I do know that some Cisco VPN equipment doesn't like 4096-bit root > keys. Yupp. > I don't know if it likes 2048-bit keys. It works with 2048-bit keys. Ciao, Michael.

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Eddy Nigg (StartCom Ltd.)
Kyle Hamilton: however, I do know that some Cisco VPN equipment doesn't like 4096-bit root keys. I don't know if it likes 2048-bit keys. Regarding Cisco routers, even though it's a known problem, I think the newer updates provide support for bigger keys. Considering that Cisco also wants

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Rob Stradling
On Wednesday 04 June 2008 12:25:32 Kyle Hamilton wrote: > There has been evidence of Microsoft, at the least, following this > group and acting on good ideas that started here. While it'd be nice > if that organization would comment here, I think that if they like > this plan (or anything like thi

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Eddy Nigg (StartCom Ltd.)
Kyle Hamilton: There has been evidence of Microsoft, at the least, following this group and acting on good ideas that started here. While it'd be nice if that organization would comment here, I think that if they like this plan (or anything like this plan) they'll implement it and it'll end up b

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Rob Stradling
On Tuesday 03 June 2008 07:28:33 Michael Ströder wrote: > Eddy Nigg (StartCom Ltd.) wrote: > > Paul, I think that the general idea (of Frank and others) is, to make a > > requirement on new roots and act on the 1024 bit keys at some point in > > the future. > > I also support the idea of throwing o

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Kyle Hamilton
There has been evidence of Microsoft, at the least, following this group and acting on good ideas that started here. While it'd be nice if that organization would comment here, I think that if they like this plan (or anything like this plan) they'll implement it and it'll end up being a fait accom

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-04 Thread Gervase Markham
Paul Hoffman wrote: > Proposal: > a) Starting January 1 2009, all new CA roots must be 2048 bit RSA or 256 > bit EC. Why January 1 2009 particularly? By new, do you mean newly-generated, or new to us? Has any CA actually attempted to get a recently-generated 1024-bit root included? > b) Startin