Re: Firefox and ECC TLS ciphersuites

2008-07-24 Thread bp
See responses in line below. "Nelson B Bolyard" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Bill Price wrote, On 2008-07-24 15:17 PDT: >> I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively >> supported it (ECC ciphersuites are enabled in about:config). Using no

Re: Comparison of OpenSSL and NSS

2008-07-24 Thread Nelson B Bolyard
Daniel Stenberg wrote, On 2008-07-23 14:43: > On Wed, 23 Jul 2008, Ruchi Lohani wrote: > >> Since a lot of open source softwares are using NSS, I wish to know whether >> we have some documentation on specifics of >> >> OpenSSL and NSS and the advantages NSS has over OpenSSL. If so, can anybody >

Re: Comparison of OpenSSL and NSS

2008-07-24 Thread Julien R Pierre - Sun Microsystems
Paul, Paul Hoffman wrote: > At 11:43 PM +0200 7/23/08, Daniel Stenberg wrote: >> If you can stand a comparison that also involves GnuTLS, then the >> GnuTLS guys >> have one: >> >> http://www.gnu.org/software/gnutls/comparison.html > > There are a lot of question marks on that for NSS. Some

Re: question about certificate chain from https://suppliers.intel.com

2008-07-24 Thread Julien R Pierre - Sun Microsystems
Eddy, Eddy Nigg wrote: > > Neither Apache nor IIS do that AFAIK. I believe the Netscape/iPlanet/Sun web server does at least log a warning when the server comes up if the cert cannot be verified, for example, because of a missing intermediate. However, if the intermediate cert was installed, b

Re: adding and removing certificate while FF3 is running?

2008-07-24 Thread joshuaaa
On Jul 24, 5:09 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > joshuaaa wrote, On 2008-07-24 06:56: > > > This is part of a project to increase security here at work. To be > > honest, I'm not completely sure of all the details. I've just been > > asked to add/remove user certificates while the

Re: adding and removing certificate while FF3 is running?

2008-07-24 Thread Nelson B Bolyard
joshuaaa wrote, On 2008-07-24 06:56: > This is part of a project to increase security here at work. To be > honest, I'm not completely sure of all the details. I've just been > asked to add/remove user certificates while the browser is running. User certificates? Certificates for which the user

Re: Firefox and ECC TLS ciphersuites

2008-07-24 Thread Nelson B Bolyard
Bill Price wrote, On 2008-07-24 15:17 PDT: > I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively > supported it (ECC ciphersuites are enabled in about:config). Using normal > downloads of FF3 on either Linux or Windows I'm getting the error that > there's no common ciphersuite.

Re: Firefox and ECC TLS ciphersuites

2008-07-24 Thread Nelson B Bolyard
Bill Price wrote, On 2008-07-24 15:17: > I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively > supported it (ECC ciphersuites are enabled in about:config). Using normal > downloads of FF3 on either Linux or Windows I'm getting the error that > there's no common ciphersuite. Lo

Re: question about ECC

2008-07-24 Thread Nelson B Bolyard
ZhanLeo wrote, on 2008-07-24 07:45 PDT: > I'm building Firefox 2, and I find it support ECC. I gather that this project has begun relatively recently, and so I wonder why you're building Firefox 2 instead of Firefox 3. > Could I only limit the ECC key lengths to 128bits Such a change could be

Firefox and ECC TLS ciphersuites

2008-07-24 Thread mozilla
I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively supported it (ECC ciphersuites are enabled in about:config). Using normal downloads of FF3 on either Linux or Windows I'm getting the error that there's no common ciphersuite. Looking at SSLTap, both versions of FF3 browser a

Re: adding and removing certificate while FF3 is running?

2008-07-24 Thread Nelson B Bolyard
Jean-Marc Desperrier wrote, On 2008-07-24 05:52: > Nelson B Bolyard wrote: >> [...] >> For applications like FF3 that use NSS 3.12, which type of DB is used is >> under the control of the application. FF3 does not make use of the SQLite3 >> DBs (even though that capability was added primarily for F

Re: adding and removing certificate while FF3 is running?

2008-07-24 Thread Wan-Teh Chang
On Thu, Jul 24, 2008 at 5:52 AM, Jean-Marc Desperrier <[EMAIL PROTECTED]> wrote: > Nelson B Bolyard wrote: >> [...] >> For applications like FF3 that use NSS 3.12, which type of DB is used is >> under the control of the application. FF3 does not make use of the SQLite3 >> DBs (even though that capa

Re: question about certificate chain from https://suppliers.intel.com

2008-07-24 Thread Wan-Teh Chang
On Thu, Jul 24, 2008 at 5:37 AM, Jean-Marc Desperrier <[EMAIL PROTECTED]> wrote: > > For example about the shareable database, your response late in February > about that was that there was still a lot left to do for it, and that > you didn't see the point unless both Fx and Tb had it and it could

Re: question about certificate chain from https://suppliers.intel.com

2008-07-24 Thread Nelson B Bolyard
Jean-Marc Desperrier wrote, On 2008-07-24 05:37: > For example about the shareable database, your response late in February > about that was that there was still a lot left to do for it, In NSS, yes. That work was completed, as planned. > and that you didn't see the point unless both Fx and

Re: question about certificate chain from https://suppliers.intel.com

2008-07-24 Thread Nelson B Bolyard
Eddy Nigg wrote, On 2008-07-24 01:15: > Nelson B Bolyard: >> I believe that, within the Mozilla developer community, there is a widely >> held misconception that NSS=PSM and the NSS team is the PSM team. But >> that's really not correct. Most of the NSS developers are paid to work >> on NSS but

Re: Wells Fargo CA inclusion/EV request

2008-07-24 Thread Frank Hecker
Eddy Nigg wrote: > Frank, I'd like to know (again) what our policy is in regards of EV > audit requirements. As I understand from the bug report, Wells Fargo > didn't actually absolved the EV audit, but some EV readiness audit. I > think we are past the time where we'd accept such audits? A qui

Re: adding and removing certificate while FF3 is running?

2008-07-24 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: > [...] > For applications like FF3 that use NSS 3.12, which type of DB is used is > under the control of the application. FF3 does not make use of the SQLite3 > DBs (even though that capability was added primarily for FF3). [...] So that opportunity was missed for Fx 3. B

question about ECC

2008-07-24 Thread ZhanLeo
I'm building Firefox 2, and I find it support ECC. Could I only limit the ECC key lengths to 128bits or remove ECC support on FireFox 2? If yes, how can I change build scripts? Thanks, Leo

Re: Decline in firefox usage due to lacking CA certificates

2008-07-24 Thread Jean-Marc Desperrier
Thorsten Becker wrote: > Nelson B Bolyard schrieb: >>> I think the solution that Jean-Marc outlined above would make some >>> sense: It would make it a bit easier to visit certain sites, but >>> disturb permanently if someone visits a site that has no trust anchor >>> in firefox. >> >> There's a gr

Re: adding and removing certificate while FF3 is running?

2008-07-24 Thread joshuaaa
On Jul 23, 11:15 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > joshuaaa wrote, On 2008-07-23 20:30: > > > Sorry for the confusion. It would be greatly appreciated if anyone can > > shed some light on this subject. I've spent plenty of hours > > researching and haven't come up with anything prom

Re: question about certificate chain from https://suppliers.intel.com

2008-07-24 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: > Eddy Nigg wrote, On 2008-07-23 14:30: >> Nelson B Bolyard: >>> [...], when it sends the http get request to fetch the cert, it has >>> not yet validated the cert from which it got the http URL, so it doesn't >>> know if that URL is legitimate or from some hacker. It blind

RE: Failed to toggle FIPS mode with JSS

2008-07-24 Thread David Stutzman
> -Original Message- > From: > [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > la.org] On Behalf Of Dean > Sent: Wednesday, July 23, 2008 12:09 PM > To: dev-tech-crypto@lists.mozilla.org > Subject: Re: Failed to toggle FIPS mode with JSS > Essentially I have an SSL implementation that I

Re: question about certificate chain from https://suppliers.intel.com

2008-07-24 Thread Eddy Nigg
Nelson B Bolyard: > > Only if the server cert is from a CA that follows a reasonable CP/CPS. > Obviously... > The case of concern is the server with a self-signed cert, or cert from > an unknown CA, that has an AIA extension that points to a tracking host > of some sort. The chain won't validate