Re: Verifying own client certificate firefox 2

2008-08-19 Thread Nelson Bolyard
F. wrote: > Anyone test Firefox 2 with client certificate + OCSP flag and > verification enabled? > To me, "internal error" . I do not know if this is a bug. We need more info than that to be able to provide any meaningful reply. I gather that you viewed your cert using the certificate manager, an

Re: Trusted CA issuing SSL server certs with unvetted FQDNs!

2008-08-19 Thread Nelson Bolyard
Wan-Teh Chang wrote: > On Tue, Aug 19, 2008 at 5:40 PM, Nelson Bolyard > <[EMAIL PROTECTED]> wrote: >> In a Network World column, >> http://www.networkworld.com/community/node/31124 >> the author writes: >> >>> At Black Hat '08 there was a great demonstration of how valid "internal >>> testing on

Re: Trusted CA issuing SSL server certs with unvetted FQDNs!

2008-08-19 Thread Eddy Nigg
Nelson Bolyard: > This is, of course, very serious, as it casts doubts on the value of SSL > and PKI for all products that use SSL. > > If we can determine what CA is doing this, I propose we pull them from > the trusted CA list immediately. > > Ask them! -- Regards Signer: Eddy Nigg, StartCom

Re: Trusted CA issuing SSL server certs with unvetted FQDNs!

2008-08-19 Thread Wan-Teh Chang
On Tue, Aug 19, 2008 at 5:40 PM, Nelson Bolyard <[EMAIL PROTECTED]> wrote: > In a Network World column, > http://www.networkworld.com/community/node/31124 > the author writes: > >> At Black Hat '08 there was a great demonstration of how valid "internal >> testing only" FQDN certificates for URLs

Trusted CA issuing SSL server certs with unvetted FQDNs!

2008-08-19 Thread Nelson Bolyard
In a Network World column, http://www.networkworld.com/community/node/31124 the author writes: > At Black Hat ‘08 there was a great demonstration of how valid “internal > testing only” FQDN certificates for URLs that you don’t control can be > obtained by anyone asking. The one obtained by the

Extracting and/or documenting Firefox's trusted root certs

2008-08-19 Thread Nelson Bolyard
Previously I wrote that one can create a PEM file containing all of Mozilla's trusted roots with a simple shell script. One can get a simple text list of those root cert's nicknames. Here's a simple (?) shell script to do it. It uses NSS's certutil program. It first produces a text file containi

Re: Documenting default trusted CAs

2008-08-19 Thread Dennis Darch
"Nelson B Bolyard" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Wan-Teh Chang wrote, On 2008-08-19 10:24: >> On Tue, Aug 19, 2008 at 9:23 AM, Dennis Darch <[EMAIL PROTECTED]> wrote: >>> In the next update of our software product we are using NSS 3.11.9 to >>> upgrade our LDAP cli

[Fwd: [P1619-3] Early Registration Deadline for KMS 2008 Extended to August 31, 2008]

2008-08-19 Thread Arshad Noor
FYI. Original Message Subject:[P1619-3] Early Registration Deadline for KMS 2008 Extended to August 31, 2008 Date: Sat, 16 Aug 2008 18:18:54 -0600 From: Matt Ball <[EMAIL PROTECTED]> Reply-To: Matt Ball <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] To give eve

Re: Documenting default trusted CAs

2008-08-19 Thread Frank Hecker
Nelson B Bolyard wrote: > Dennis Darch wrote, On 2008-08-19 09:23: >> In the next update of our software product we are using NSS 3.11.9 to >> upgrade our LDAP client to support LDAP/SSL. I would like to include in our >> documentation a list of the public certificate authorities that would be

Re: Documenting default trusted CAs

2008-08-19 Thread Wan-Teh Chang
On Tue, Aug 19, 2008 at 10:36 AM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Wan-Teh Chang wrote, On 2008-08-19 10:24: >> On Tue, Aug 19, 2008 at 9:23 AM, Dennis Darch <[EMAIL PROTECTED]> wrote: >>> In the next update of our software product we are using NSS 3.11.9 to >>> upgrade our LDAP client

Re: Documenting default trusted CAs

2008-08-19 Thread Nelson B Bolyard
Wan-Teh Chang wrote, On 2008-08-19 10:24: > On Tue, Aug 19, 2008 at 9:23 AM, Dennis Darch <[EMAIL PROTECTED]> wrote: >> In the next update of our software product we are using NSS 3.11.9 to >> upgrade our LDAP client to support LDAP/SSL. I would like to include in our >> documentation a list of th

Re: Documenting default trusted CAs

2008-08-19 Thread Nelson B Bolyard
Dennis Darch wrote, On 2008-08-19 09:23: > In the next update of our software product we are using NSS 3.11.9 to > upgrade our LDAP client to support LDAP/SSL. I would like to include in our > documentation a list of the public certificate authorities that would be > trusted without having to b

Re: Documenting default trusted CAs

2008-08-19 Thread Wan-Teh Chang
On Tue, Aug 19, 2008 at 9:23 AM, Dennis Darch <[EMAIL PROTECTED]> wrote: > In the next update of our software product we are using NSS 3.11.9 to > upgrade our LDAP client to support LDAP/SSL. I would like to include in our > documentation a list of the public certificate authorities that would be

Documenting default trusted CAs

2008-08-19 Thread Dennis Darch
In the next update of our software product we are using NSS 3.11.9 to upgrade our LDAP client to support LDAP/SSL. I would like to include in our documentation a list of the public certificate authorities that would be trusted without having to be added to the client's cert8.db. Where would I

Verifying own client certificate firefox 2

2008-08-19 Thread F.
Anyone test Firefox 2 with client certificate + OCSP flag and verification enabled? To me, "internal error" . I do not know if this is a bug. -- -- Publicidad http://www.pas-world.com ___ dev-tech-crypto mailing list dev-tech-cr