Re: Update on DigiNotar and Entrust

2008-06-21 Thread David E. Ross
On 6/20/2008 5:44 PM, Eddy Nigg wrote [in part]: > > This boils down to either of the two other options. If NSS isn't able to > choose the DigiNotar root or treat the cross-signed certificate as > revoked, then the email bit of Entrust should be set to off until the > issue is solved in a diffe

Re: New SSL warning

2008-06-21 Thread Eddy Nigg
Eddy Nigg: > You can try to edit the trust flags of that see (remove all trust) and > when encountering a site with a certificate from that CA to add an > exception. I don't know what I was thinking when I wrote this, but it should have been "edit the trust flags of that CA", not "see" ;-) --

Re: FF3 SSL does still allow insecure keys - example for critical server

2008-06-21 Thread Eddy Nigg
Jan Schejbal: > Akamai, a very big content distribution provider used by MANY > organisations including the German Finanzamt (equivalent to the IRS), > had a weak key. If I put > 127.0.0.1 a248.e.akamai.net > into my hosts file and run an apache with the broken cert (key got > published in some for

Re: New SSL warning

2008-06-21 Thread Eddy Nigg
Jan Schejbal: > > I have started a new thread about this with an example why a blacklist > is the only way to go. Please read the thread about Debian keys first: http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/b2cda44a0e6c4d5c# > >> This is induced via the name constr

FF3 SSL does still allow insecure keys - example for critical server

2008-06-21 Thread Jan Schejbal
Hi, I am posting this to a new thread because the other one is too old. I thought this would be fixed in FF3 by the new revocation system, but it seems some CAs do not use it. Akamai, a very big content distribution provider used by MANY organisations including the German Finanzamt (equivalent
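The client-side check Jan is arguing for, as an added example that is not code from this thread, from Mozilla, or from the Debian project: a weak-key blacklist lookup of the kind openssl-vulnkey does, applied to the `Modulus=...` line that `openssl x509 -noout -modulus` prints. The fingerprint rule used here (SHA-1 over that exact line, newline included, keeping the last 20 hex digits, one list per key size) is the openssl-blacklist convention as I understand it and is stated as an assumption; the moduli and the two-line blacklist are constructed, not the real 1024-bit list. `evaluate_server_key` and `revoked_by_ca` are names invented for the example.

```python
"""Client-side weak-key blacklist check for RSA certificates.

Added example, not code from this thread.  Assumed fingerprint convention
(that of the Debian openssl-blacklist package, as understood here): SHA-1
over the exact line that `openssl x509 -noout -modulus` prints, newline
included, keeping the last 20 hex digits.  All sample data is constructed.
"""
import hashlib
import re

# Line format printed by `openssl x509 -noout -modulus -in cert.pem`
MODULUS_LINE = re.compile(r"^Modulus=([0-9A-Fa-f]+)$")


def parse_modulus_line(line):
    """Return the RSA modulus as an int from an openssl 'Modulus=HEX' line."""
    m = MODULUS_LINE.match(line.strip())
    if m is None:
        raise ValueError("not an openssl modulus line: %r" % line)
    return int(m.group(1), 16)


def modulus_fingerprint(modulus):
    """Blacklist fingerprint of a modulus (assumed openssl-blacklist rule)."""
    line = ("Modulus=%X\n" % modulus).encode("ascii")
    return hashlib.sha1(line).hexdigest()[-20:]


def load_blacklist(text):
    """Parse one blacklist file: one fingerprint per line, '#' comments."""
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if line:
            if not re.fullmatch(r"[0-9a-f]{20}", line):
                raise ValueError("bad blacklist entry: %r" % raw)
            entries.add(line)
    return entries


def key_is_blacklisted(modulus, blacklists):
    """True if the modulus is in the blacklist for its key size.

    blacklists maps key size in bits -> set of fingerprints (the Debian
    package ships one file per size, e.g. blacklist.RSA-1024).
    """
    entries = blacklists.get(modulus.bit_length())
    if not entries:
        return False
    return modulus_fingerprint(modulus) in entries


def evaluate_server_key(modulus_line, blacklists, revoked_by_ca=False):
    """Decide whether to accept a server's RSA key.

    The point of the thread: a CA revocation is not enough, because many
    CAs never revoked the weak certificates.  The local blacklist catches
    the key whether or not the CA acted.
    """
    modulus = parse_modulus_line(modulus_line)
    if revoked_by_ca:
        return "reject: certificate revoked by CA"
    if key_is_blacklisted(modulus, blacklists):
        return "reject: key is on the weak-key blacklist"
    return "accept"


# --- constructed sample data (not a real key, not the real blacklist) ---
# A 1024-bit odd value standing in for a key generated by the broken
# Debian OpenSSL PRNG; its fingerprint is placed into a tiny blacklist.
WEAK_MODULUS = (1 << 1023) | 0x10001
GOOD_MODULUS = (1 << 1023) | 0x10003  # same size, not blacklisted

BLACKLIST_RSA_1024 = (
    "# constructed blacklist.RSA-1024, one 20-hex-digit fingerprint per line\n"
    + modulus_fingerprint(WEAK_MODULUS) + "\n"
)
BLACKLISTS = {1024: load_blacklist(BLACKLIST_RSA_1024)}


if __name__ == "__main__":
    for name, mod in (("weak", WEAK_MODULUS), ("good", GOOD_MODULUS)):
        line = "Modulus=%X" % mod
        print(name, evaluate_server_key(line, BLACKLISTS))
```

To try it against a real certificate, feed the output of `openssl x509 -noout -modulus -in cert.pem` to `evaluate_server_key` and load the real `blacklist.RSA-1024` / `blacklist.RSA-2048` files from the openssl-blacklist package into `BLACKLISTS`. Note that the check is keyed on the exact key size, so a 1023-bit or unusual-size modulus falls through to "accept" unless a matching list is loaded; that is the same blind spot the per-size files have.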

Re: New SSL warning

2008-06-21 Thread Jan Schejbal
Hi, [great Debian openssl f**kup] >some CAs have started to take action actively. I have started a new thread about this with an example why a blacklist is the only way to go. >> - allow limiting CA certificates to certifying certain domains (for >> example, I want my universities CA to be able