Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-18 Thread Heikki Toivonen
Nelson Bolyard wrote: > If you haven't already done so, read Dan Kaminsky's slides from his > talk at blackhat. http://www.doxpara.com/DMK_BO2K8.ppt Thanks for the link! > Results attributed to Consumer Reports, showing that the number of > people who ignore bad cert warnings is about equal to t

Re: Questions on NSS_Shutdown () and Firefox crash

2008-08-18 Thread Howard Chu
Nelson B Bolyard wrote: > Howard Chu wrote, On 2008-08-17 22:21: >> > I think you're saying that you expect every library to have its own set of > trusted certs, as if libraries -- and not true human users -- get to decide > what certs are trusted and what are not. A human user doesn't need a > s

Re: Questions on NSS_Shutdown () and Firefox crash

2008-08-18 Thread Kyle Hamilton
I'm not talking 'security' here. I'm talking 'ease of management'. Please allow me to iterate something that you seem to be absolutely ignoring: I AM AWARE OF THE ISSUES THAT YOU HAVE STATED, AND THEY ARE RECOGNIZED AND MITIGATED BY AND IN MY SECURITY POLICY AND SECURITY-VERSUS-USABILITY-VERSUS-M

Re: Questions on NSS_Shutdown () and Firefox crash

2008-08-18 Thread Nelson B Bolyard
Kyle Hamilton wrote, On 2008-08-18 15:20: > A library is a 'client'. You could replace Howard's use of 'user' > with 'client' and get more understanding. Oh, I quite understand that his model has keys and certs that belong to libraries, not to users. Of course, when a library brings access to th

Re: A general question about libnss3

2008-08-18 Thread Wan-Teh Chang
On Mon, Aug 18, 2008 at 3:08 PM, Ruchi Lohani <[EMAIL PROTECTED]> wrote: > Sure thing about the symlinks. > > dpkg -S libnss3.so gives > > libnss3-1d: /usr/lib/libnss3.so > libnss3-1d-dbg: /usr/lib/debug/usr/lib/libnss3.so.1d > libnss3-0d: /usr/lib/libnss3.so.0d > libnss3-1d: /usr/lib/libnss3.so.1

Re: Questions on NSS_Shutdown () and Firefox crash

2008-08-18 Thread Kyle Hamilton
A library is a 'client'. You could replace Howard's use of 'user' with 'client' and get more understanding. How about the case where each client is supposed to have its own private key and certificate? I'm not talking about "client trusts a different set of roots" (though that's also possible --

RE: A general question about libnss3

2008-08-18 Thread Ruchi Lohani
Sure thing about the symlinks. dpkg -S libnss3.so gives libnss3-1d: /usr/lib/libnss3.so libnss3-1d-dbg: /usr/lib/debug/usr/lib/libnss3.so.1d libnss3-0d: /usr/lib/libnss3.so.0d libnss3-1d: /usr/lib/libnss3.so.1d on my ubuntu (8.04) machine. -Ruchi -Original Message- From: [EMAIL PROTE

Re: A general question about libnss3

2008-08-18 Thread Wan-Teh Chang
On Mon, Aug 18, 2008 at 2:19 PM, Ruchi Lohani <[EMAIL PROTECTED]> wrote: > It works a little different here. > The binary compiled with libnss3.so (not as symlinks) on the system, > works fine on Ubuntu with libnss3.so.1d and a symlink as libnss3.so to > libnss3.so.1d (apt-get takes care of making

Re: Questions on NSS_Shutdown () and Firefox crash

2008-08-18 Thread Nelson B Bolyard
Howard Chu wrote, On 2008-08-17 22:21: > Nelson B Bolyard wrote: >> Previously, someone criticized NSS, saying that it was designed for use >> only on single-user systems, a criticism that I dispute. NSS is very much >> oriented toward each user having his own set of trusted flags. In contrast to >

Re: Questions on NSS_Shutdown () and Firefox crash

2008-08-18 Thread Nelson B Bolyard
Daniel Stenberg wrote, On 2008-08-18 14:07: > On Sun, 17 Aug 2008, Kyle Hamilton wrote: > >> OpenSSL does not have a root-certificate program. The official >> position (from http://www.openssl.org/support/faq.html#USER16) is that >> the job of OpenSSL is to create the code to make trust possible,

RE: A general question about libnss3

2008-08-18 Thread Ruchi Lohani
It works a little different here. The binary compiled with libnss3.so (not as symlinks) on the system, works fine on Ubuntu with libnss3.so.1d and a symlink as libnss3.so to libnss3.so.1d (apt-get takes care of making that I suppose). Since the binary depends on libnss3.so which it finds it as sy

Re: Questions on NSS_Shutdown () and Firefox crash

2008-08-18 Thread Daniel Stenberg
On Sun, 17 Aug 2008, Kyle Hamilton wrote: > OpenSSL does not have a root-certificate program. The official > position (from http://www.openssl.org/support/faq.html#USER16) is that > the job of OpenSSL is to create the code to make trust possible, not > dictate who to trust. > > In fact, that same

Re: A general question about libnss3

2008-08-18 Thread Wan-Teh Chang
On Mon, Aug 18, 2008 at 11:05 AM, Ruchi Lohani <[EMAIL PROTECTED]> wrote: > So can I manually download the NSS and NSPR source from > https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12-with-nspr-4.7.tar.gz > and then compile it on Ubuntu? Will it solve the bu

RE: A general question about libnss3

2008-08-18 Thread Ruchi Lohani
So can I manually download the NSS and NSPR source from https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12-with-nspr-4.7.tar.gz and then compile it on Ubuntu? Will it solve the build problem to allow me to build it on Ubuntu and use it on multiple Linux distros?