Re: OpenLDAP and NSS

2008-08-13 Thread Howard Chu
Rich Megginson wrote: > Howard Chu wrote: >> At any rate, I've committed the preliminary code to CVS so you can >> tinker with it if you want. It will take a lot more beating on before >> it's actually usable. > Some Red Hat folks have been working on adding NSS support to OpenLDAP. >It's almo

Re: UTN-USERFirst-Object - "Can't verify signature

2008-08-13 Thread Kyle Hamilton
This is definitely a Java problem, not a Firefox issue. Since Sun does not do the OSX Java releases, the best place to file a bug report on this issue would be http://bugreport.apple.com/ -- an Apple Developer Center (ADC) ID is required to submit bug reports there. -Kyle H On Wed, Aug 13, 2008

Re: OpenLDAP and NSS

2008-08-13 Thread Howard Chu
Julien R Pierre - Sun Microsystems wrote: > Michael, > > Michael Ströder wrote: >> Wan-Teh Chang wrote: >>> Most NSS-based server applications open the NSS databases in >>> read-only mode, so they can run with multiple processes safely. But >>> client applications such as Firefox and Thunderbird o

Re: OpenLDAP and NSS

2008-08-13 Thread Julien R Pierre - Sun Microsystems
Michael, Michael Ströder wrote: > Wan-Teh Chang wrote: >> Most NSS-based server applications open the NSS databases in >> read-only mode, so they can run with multiple processes safely. But >> client applications such as Firefox and Thunderbird open the NSS >> databases in read-write mode. > > A

Re: OpenLDAP and NSS

2008-08-13 Thread Michael Ströder
Wan-Teh Chang wrote: > Most NSS-based server applications open the NSS databases in > read-only mode, so they can run with multiple processes safely. But > client applications such as Firefox and Thunderbird open the NSS > databases in read-write mode. According to what Nelson said, cmsutil also

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Eddy Nigg
Frank Hecker: > Eddy Nigg wrote: >> Frank, where is the lack of consensus exactly? > > IIRC the reason I changed the wording to "potentially problematic" was > that some of the practices weren't necessarily "problematic" in all > contexts, at least IMO. Thus, for example, distributing private keys

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Frank Hecker
Eddy Nigg wrote: > Frank Hecker: >> Yes, I'll do that. (Incidentally, I'm now calling it the "potentially >> problematic practices" list, because there's a lack of consensus on the >> extent to which some of these practices are problems in general.) > > Frank, where is the lack of consensus exactl

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Eddy Nigg
Frank Hecker: > > Yes, I'll do that. (Incidentally, I'm now calling it the "potentially > problematic practices" list, because there's a lack of consensus on the > extent to which some of these practices are problems in general.) > Frank, where is the lack of consensus exactly? Are you referring t

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Frank Hecker
Frank Hecker wrote: > Robin Alden wrote: >> Frank, would you consider these practices of issuing certificates to >> hostnames* and also of issuing to non-internet routable IP addresses as >> being something to add to your problematic practices list? > > Yes, I'll do that. Done: https://wiki.moz

Re: OpenLDAP and NSS

2008-08-13 Thread Wan-Teh Chang
On Wed, Aug 13, 2008 at 8:01 AM, Howard Chu <[EMAIL PROTECTED]> wrote: > Michael Ströder wrote: >> Well, the situation of stuffing everything in a directory/file with >> PEM-formatted certs is not better. And every software can have its own >> cert?.db. > > At least filesystems are known to safely

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Eddy Nigg
Robin Alden: >> I think an IP address is almost on the same level as a domain name, but >> even here there can be problems. For example if you are willing to >> validate dynamic assigned IP addresses, then this can be actively >> exploited obviously. An assigned IP may belong to somebody else withi

Re: UTN-USERFirst-Object - "Can't verify signature

2008-08-13 Thread bmo
Looking for more information on this issue, I've looked for signed applets that DO WORK on Firefox 3.0.1/mac osx. Again, 'works' is defined as if the applet is signed, with a valid cert, and chain of trust to a trusted root CA, then no scary-and-confusing-to-a-user messages should come up. Here's

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Frank Hecker
Frank Hecker wrote: > Frank Hecker wrote: >> I am now opening the first public discussion period for a request from >> Comodo to add the Comodo ECC Certification Authority root certificate >> to Mozilla and enable it for EV use. This is bug 421946, and Kathleen >> has produced an information doc

Re: OpenLDAP and NSS

2008-08-13 Thread Rich Megginson
Howard Chu wrote: > Michael Ströder wrote: >> I'd really appreciate if the OpenLDAP client libs could make use of >> client certs I have in my Mozilla profile. > > Don't be so sure; it's not as good as it sounds... Without the new > shared DB support in NSS, this would very likely corrupt your ce

Re: OpenLDAP and NSS

2008-08-13 Thread Michael Ströder
Howard Chu wrote: > Michael Ströder wrote: >> I'd really appreciate if the OpenLDAP client libs could make use of >> client certs I have in my Mozilla profile. > > Don't be so sure; it's not as good as it sounds... Without the new > shared DB support in NSS, this would very likely corrupt your ce

Re: UTN-USERFirst-Object - "Can't verify signature

2008-08-13 Thread bmo
On Aug 12, 7:37 pm, "Kyle Hamilton" <[EMAIL PROTECTED]> wrote: > Could you perhaps post your certificate chain? > > -Kyle H > What is presented in the browser for the certificate chain: http://www.tryventi.com/certissue/trust1.png http://www.tryventi.com/certissue/trust2.png http://www.tryventi.c

OpenLDAP and NSS

2008-08-13 Thread Howard Chu
Michael Ströder wrote: > I'd really appreciate if the OpenLDAP client libs could make use of > client certs I have in my Mozilla profile. Don't be so sure; it's not as good as it sounds... Without the new shared DB support in NSS, this would very likely corrupt your certDBs in short order. E.g.,

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Frank Hecker
Robin Alden wrote: > Sure, but CAs issue certificates to IP addresses too (as we discuss below) > yet the policy does not allow for the possibility. Either the policy is > imprecise, or it is being flouted by the CAs that issue certificates for IP > addresses. You're correct, this is a gap in our

JSS's SignerInfo crashes firefox 3.0.1 and firefox 3 in Windows

2008-08-13 Thread fercufer
Hi, SignerInfo crashes Firefox 3 in Windows. Below I put the code and the log files with Firefox 3.0.1. I have found a page about this bug: http://support.mozilla.com/tiki-view_forum_thread.php?locale=lt&forumId=1&comments_parentId=86104 But there isn't a valid solution. Do you know how to resolve it? If

Re: Comparison of OpenSSL and NSS

2008-08-13 Thread Michael Ströder
Howard Chu wrote: > Likewise in the Mozilla Browser/nss_ldap situation, the credentials > needed for LDAP authentication will probably be quite different from the > credentials needed for web browsing or personal addressbook lookups. It > would be extremely bad if simply using Mozilla on a syste

Re: Comparison of OpenSSL and NSS

2008-08-13 Thread Michael Ströder
Howard Chu wrote: > Nelson B Bolyard wrote: >> Howard Chu wrote, On 2008-08-10 03:30: >> When one considers all the important reasons to choose a crypto >> implementation, support for one file format which is not used in any >> standard protocols (e.g. TLS, SMIME) doesn't seem like a biggie. > > T

Re: Comodo ECC CA inclusion/EV request

2008-08-13 Thread Kyle Hamilton
On Wed, Aug 6, 2008 at 1:11 PM, Eddy Nigg <[EMAIL PROTECTED]> wrote: > > In other words, Comodo would issue multiple certificates for the very > same domain name? You could have multiple valid certificates for > www.mozilla.com? Technically, there is absolutely nothing wrong with this. Multiple I