Re: Problem with loading security module in firefox..

2008-06-06 Thread Subrata Mazumdar
Hi Akkshayaa, I have a suggestion - it may or may not work. Try to put the PKCS#11 DLL in a directory that is not named 'components'. The 'components' directory is for add-on related files. Browser will automatically load any DLL in that directory. My guess is that the DLL is loaded before

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Paul Hoffman
At 12:54 PM -0700 6/6/08, Nelson B Bolyard wrote: >I recall a long discussion on this list in which certain people observed >(or opined) that the cert path validation algorithm defined in RFC 3280 >has the characteristics you describe above. That is, the claim was made >that RFC 3280's algorithm d

Re: Entrust EV request

2008-06-06 Thread Eddy Nigg (StartCom Ltd.)
Bruce: You are correct, if the WHOIS records do not match then the process is stopped. In the case of a private domain registration as per your Domains by Proxy example, we would confirm via another method such as 1) through the registrar (Domains by Proxy provides this service), 2) have domain in

Re: Entrust EV request

2008-06-06 Thread Bruce
On Jun 6, 9:34 am, "Eddy Nigg (StartCom Ltd.)" <[EMAIL PROTECTED]> wrote: > Hi Bruce, > > Bruce: > > > > > All Organization Validated SSL certificates are issued using a three > > part process. The applicant's business name is validated against a > > third party database (e.g. D&B or government reg

Re: Debian Weak Key Problem

2008-06-06 Thread Andrews, Rick
> Andrews, Rick wrote, On 2008-06-04 15:24: > >> It seems that CAs are not bothering to contact their customers with > >> weak keys[1], although they are of course revoking the keys of > >> customers who ask, and reissuing certificates. > > > > Gerv, > > > > I just wanted to mention that we've b

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Nelson B Bolyard
Kyle Hamilton wrote, On 2008-06-05 07:46: > I must also point out something: > > NSS (at least up until 2004 -- I don't know if this has been changed, > but the MoFo position espoused by I believe Nelson and Frank was that > it wouldn't change) doesn't rely on any of the X.509v3 certificate > fie

Re: Debian Weak Key Problem

2008-06-06 Thread Nelson B Bolyard
Andrews, Rick wrote, On 2008-06-04 15:24: >> It seems that CAs are not bothering to contact their customers with >> weak keys[1], although they are of course revoking the keys of >> customers who ask, and reissuing certificates. > > Gerv, > > I just wanted to mention that we've been working fev

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Paul Hoffman
At 2:20 AM -0700 6/6/08, Kyle Hamilton wrote: >The NIST date and EV date are the dates when they should no longer be >used, not 'no longer admitted for use', unless I'm completely >misreading the table on page 66 of the NIST SP800-57. You are not misreading the table. That's a "do not use after" d

Re: Entrust EV request

2008-06-06 Thread Eddy Nigg (StartCom Ltd.)
Hi Bruce, Bruce: All Organization Validated SSL certificates are issued using a three part process. The applicant's business name is validated against a third party database (e.g. D&B or government registry). Domain names are validated via a WHOIS lookup to ensure that the domain is registered

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Kyle Hamilton
I wholeheartedly believe that placing an arbitrary policy limitation in general-purpose software is ill-advised at best and reason for the product to be dismissed out of consideration for any usage at worst. -Kyle H 2008/6/6 Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]>: > Rob Stradling: > > Anot

Re: Entrust EV request

2008-06-06 Thread Bruce
On Jun 5, 6:40 pm, "Eddy Nigg (StartCom Ltd.)" <[EMAIL PROTECTED]> wrote: > Frank Hecker: > > > > > > > This language and other language in section 3.1.8 seem pretty standard > > to me; I've seen language like it in lots of CPSs. As I read it, RAs get > > various identity-related documents from app

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Eddy Nigg (StartCom Ltd.)
Rob Stradling: Another option would be to make a (small? :-) modification to NSS to allow us to store an expiry date which overrode the one in the certificate. Good idea. That would be much less hassle (compared to my proposal) for both the CAs and Mozilla. Yes, that's perhaps a go

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Rob Stradling
On Friday 06 June 2008 10:07:20 Gervase Markham wrote: > Nelson B Bolyard wrote: > > Rob, in the past, any time that we have suggested that a CA issue a new > > root CA cert for any reason, even if only to change something minor, > > we've received much feedback saying that doing so represents a hu

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Eddy Nigg (StartCom Ltd.)
Gervase Markham: Rob Stradling wrote: FYI, Microsoft already require a minimum 2048-bit RSA key size for new Root Certificate submissions. Then we might want to implement the same policy, with an exception (for compatibility reasons) for roots which already have a significant degree o

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Kyle Hamilton
The NIST date and EV date are the dates when they should no longer be used, not 'no longer admitted for use', unless I'm completely misreading the table on page 66 of the NIST SP800-57. I'm all for much more immediate cessation of adding new roots into the browser of 1024 bits, simply because as a

Re: Debian Weak Key Problem

2008-06-06 Thread Gervase Markham
Andrews, Rick wrote: > I just wanted to mention that we've been working feverishly to automate > checking of all valid certs in our databases. It's taking time because > it's a huge task - we have hundreds of thousands of certs to check - but > we intend to notify any customer who is using a weak k

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Gervase Markham
Rob Stradling wrote: > FYI, Microsoft already require a minimum 2048-bit RSA key size for new Root > Certificate submissions. Then we might want to implement the same policy, with an exception (for compatibility reasons) for roots which already have a significant degree of deployment but which, fo

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Gervase Markham
Kyle Hamilton wrote: > There has been evidence of Microsoft, at the least, following this > group and acting on good ideas that started here. We do talk to each other, you know :-) > January 1 2009 particularly because it provides slightly less than 2 > quarters of notice. Indeed. Which does

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-06 Thread Gervase Markham
Nelson B Bolyard wrote: > Rob, in the past, any time that we have suggested that a CA issue a new > root CA cert for any reason, even if only to change something minor, > we've received much feedback saying that doing so represents a huge > challenge and investment for the CAs, necessitating modifi