Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Kyle Hamilton
If this is the case, then I have to say that this entire discussion is outside the realm of this list and should instead be moved to the security list. -Kyle H On Thu, Aug 21, 2008 at 9:32 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Kyle Hamilton wrote, On 2008-08-21 14:31: >> On Thu, Aug 2

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Nelson B Bolyard
Kyle Hamilton wrote, On 2008-08-21 14:31: > On Thu, Aug 21, 2008 at 10:24 AM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: >> I was informed privately that it means that Firefox shows EV chrome >> indicators, even for pages that contain some DV content. > > Er, if this didn't happen, PayPal wouldn'

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Eddy Nigg
Kyle Hamilton: >> Indeed everything not coming from the same web site which is otherwise >> EV should be blocked. It's something like "mixed content"... >> > > So, you're stating that you propose that anyone using EV is suddenly > required (due to the Subject restriction) to move ALL aspects of the

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Kyle Hamilton
On Thu, Aug 21, 2008 at 2:41 PM, Eddy Nigg <[EMAIL PROTECTED]> wrote: > Kyle Hamilton: >> >> Even in the case where you require all-EV content, if you try to >> perform any additional matching of the Subject (which is what needs to >> be matched anyway) you're going to break third-party data feeds

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Eddy Nigg
Kyle Hamilton: > > Even in the case where you require all-EV content, if you try to > perform any additional matching of the Subject (which is what needs to > be matched anyway) you're going to break third-party data feeds and > services. For example, in the aforementioned case, even if Google > w

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Kyle Hamilton
On Thu, Aug 21, 2008 at 10:24 AM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > > I was informed privately that it means that Firefox shows EV chrome > indicators, even for pages that contain some DV content. Er, if this didn't happen, PayPal wouldn't be able to show chrome indicators. Among othe

Re: NSS and OpenSSL BIO replacement

2008-08-21 Thread Nelson B Bolyard
Ruchi Lohani wrote, On 2008-08-21 10:44: > Thanks for all the links. > What I am looking for is specific functions to verify a signed file > (both signer's certificate and the signed content). > I need to then get the signed content from the file. The program cmsutil already does all that. I sugges

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-21 Thread Daniel Stenberg
On Thu, 21 Aug 2008, Wan-Teh Chang wrote: > Did you get your Firefox release from www.mozilla.com or from your Linux > distribution? I did say NSS 3.12, Firefox 3.01 and Debian Linux. > If you get your Firefox release from your Linux distribution, you need to > get the source package for that

RE: NSS and OpenSSL BIO replacement

2008-08-21 Thread Ruchi Lohani
Thanks for all the links. What I am looking for is specific functions to verify a signed file (both signer's certificate and the signed content). I need to then get the signed content from the file. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of N

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Nelson B Bolyard
Nelson B Bolyard wrote, On 2008-08-21 10:04: > Gervase Markham wrote, On 2008-08-21 05:09: >> Nelson Bolyard wrote: >>> If you haven't already done so, read Dan Kaminsky's slides from his >>> talk at blackhat. http://www.doxpara.com/DMK_BO2K8.ppt >>> >>> After he presents the DNS attack, he talks

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Nelson B Bolyard
Gervase Markham wrote, On 2008-08-21 05:09: > Nelson Bolyard wrote: >> If you haven't already done so, read Dan Kaminsky's slides from his >> talk at blackhat. http://www.doxpara.com/DMK_BO2K8.ppt >> >> After he presents the DNS attack, he talks about SSL, certs, and what >> browsers must do to ge

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-21 Thread Wan-Teh Chang
On Thu, Aug 21, 2008 at 12:16 AM, Daniel Stenberg <[EMAIL PROTECTED]> wrote: > On Thu, 21 Aug 2008, Kyle Hamilton wrote: > >> The current certdata.txt in the repository is not the one that generated >> your version of Firefox. (There have been a couple of changes in the past >> couple of months, a

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Eddy Nigg
Gervase Markham: > Nelson Bolyard wrote: >> If you haven't already done so, read Dan Kaminsky's slides from his >> talk at blackhat. http://www.doxpara.com/DMK_BO2K8.ppt >> >> After he presents the DNS attack, he talks about SSL, certs, and what >> browsers must do to get real security against DNS

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-21 Thread Gervase Markham
Nelson Bolyard wrote: > If you haven't already done so, read Dan Kaminsky's slides from his > talk at blackhat. http://www.doxpara.com/DMK_BO2K8.ppt > > After he presents the DNS attack, he talks about SSL, certs, and what > browsers must do to get real security against DNS attacks from SSL and >

Re: NSS and OpenSSL BIO replacement

2008-08-21 Thread Howard Chu
Nelson B Bolyard wrote: > Ruchi Lohani wrote, On 2008-08-20 21:31: >> Thanks Nelson. >> And sorry about the subject of the mail. I wanted to ask about that also. >> What are the equivalent APIs in NSS which probably can replace the BIO >> I/O abstraction of OpenSSL ? > > Years have elapsed since I

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-21 Thread Daniel Stenberg
On Thu, 21 Aug 2008, Kyle Hamilton wrote: > The current certdata.txt in the repository is not the one that generated > your version of Firefox. (There have been a couple of changes in the past > couple of months, and no client releases.) But where is the certdata.txt that was used for my Firef

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-21 Thread Kyle Hamilton
The current certdata.txt in the repository is not the one that generated your version of Firefox. (There have been a couple of changes in the past couple of months, and no client releases.) -Kyle H On Wed, Aug 20, 2008 at 11:05 PM, Daniel Stenberg <[EMAIL PROTECTED]> wrote: > On Wed, 20 Aug 2008