Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-22 Thread Nelson B Bolyard
Kyle Hamilton wrote, On 2008-08-22 14:38:
> My understanding is that they were not allowed to use the Firefox
> brand because its terms of use conflicted with their packaging and
> freedom rules. Any additional changes after they changed the brand to
> IceWeasel might also affect the ability to us

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-22 Thread Kyle Hamilton
My understanding is that they were not allowed to use the Firefox brand because its terms of use conflicted with their packaging and freedom rules. Any additional changes after they changed the brand to IceWeasel might also affect the ability to use the Firefox brand, but that wasn't the reason th

Re: warning - can't find private key for this cert

2008-08-22 Thread jaszay
On aug. 22, 21:38, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote, On 2008-08-22 12:09:
>
> > On aug. 22, 19:43, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
> >> What version of NSS are you using?
>
> > nss 3.11.4
> > nspr 4.6.4
>
> >> If you run the signtool program without

Re: warning - can't find private key for this cert

2008-08-22 Thread Nelson B Bolyard
[EMAIL PROTECTED] wrote, On 2008-08-22 12:09:
> On aug. 22, 19:43, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
>> What version of NSS are you using?
>
> nss 3.11.4
> nspr 4.6.4
>
>> If you run the signtool program without any command line options, it outputs
>> a page of "usage" information. Th

Re: Certificate not approved for this operation

2008-08-22 Thread jaszay
On aug. 22, 19:59, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
> giorgio <[EMAIL PROTECTED]> wrote on 2008-08-22 06:01 PDT:
>
> > When you create a test certificate with signtool it is valid only for
> > 3 months.
>
> It's valid for YOUR testing (only) for some time.  It's not valid at any
> time f

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-22 Thread Nelson B Bolyard
Wan-Teh Chang wrote, On 2008-08-22 10:02:
> On Thu, Aug 21, 2008 at 10:43 AM, Daniel Stenberg <[EMAIL PROTECTED]> wrote:
>> On Thu, 21 Aug 2008, Wan-Teh Chang wrote:
>>
>>> Did you get your Firefox release from www.mozilla.com or from your Linux
>>> distribution?
>> I did say NSS 3.12, Firefox 3.01

Re: warning - can't find private key for this cert

2008-08-22 Thread jaszay
On aug. 22, 19:43, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote, On 2008-08-22 05:51:
>
> > Hi,
>
> > I have a Verisign Digital ID Class 3 - Microsoft Software Validation
> > v2 certificate, which I would like to use to sign my xpi.
>
> > I have followed the steps described

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-22 Thread Kaspar Brand
Wan-Teh Chang wrote:
> I don't know how to get the exact version of certdata.txt in
> Firefox 3.0.1/NSS 3.12 from mxr.mozilla.org.

bonsai's cvsblame.cgi is somewhat better (though not perfect) for this - try e.g. http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ckfw/builtins/c

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Eddy Nigg
Nelson B Bolyard:
> Gervase Markham wrote, On 2008-08-22 02:17:
>> Eddy Nigg wrote:
>>> Well, I don't agree with the statements above. It really depends what
>>> kind of DNS attack it is and how prepared the CA is and what the CA does
>>> about it.
>> Exactly my point. If the CA's DNS is secure, th

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Nelson B Bolyard
Gervase Markham wrote, On 2008-08-22 02:17:
> Eddy Nigg wrote:
>> Well, I don't agree with the statements above. It really depends what
>> kind of DNS attack it is and how prepared the CA is and what the CA does
>> about it.
>
> Exactly my point. If the CA's DNS is secure, the EV system is safe.

Re: Certificate not approved for this operation

2008-08-22 Thread Nelson B Bolyard
giorgio <[EMAIL PROTECTED]> wrote on 2008-08-22 06:01 PDT:
> When you create a test certificate with signtool it is valid only for
> 3 months.

It's valid for YOUR testing (only) for some time. It's not valid at any time for generating signatures that will be verifiable by other users, because it

Re: warning - can't find private key for this cert

2008-08-22 Thread Nelson B Bolyard
[EMAIL PROTECTED] wrote, On 2008-08-22 05:51:
> Hi,
>
> I have a Verisign Digital ID Class 3 - Microsoft Software Validation
> v2 certificate, which I would like to use to sign my xpi.
>
> I have followed the steps described on this page
> http://oyoy.eu/huh/firefox-extension-code-signed-with-spc

Re: Extracting and/or documenting Firefox's trusted root certs

2008-08-22 Thread Wan-Teh Chang
On Thu, Aug 21, 2008 at 10:43 AM, Daniel Stenberg <[EMAIL PROTECTED]> wrote:
> On Thu, 21 Aug 2008, Wan-Teh Chang wrote:
>
>> Did you get your Firefox release from www.mozilla.com or from your Linux
>> distribution?
>
> I did say NSS 3.12, Firefox 3.01 and Debian Linux.

If you get your NSS 3.12 fr

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Nelson B Bolyard
Gervase Markham wrote, On 2008-08-22 02:17:
> I don't think we'd go as far as Subject matching. The point about EV is
> that the owner of the cert is a known legal "physical" entity somewhere.

AND that an identifier of that legal entity is easily available to the user so that the user can make us

Re: Certificate not approved for this operation

2008-08-22 Thread Arshad Noor
What are the key-usage and extended key-usage extension values in the certificate issued by MS signtool? Once a certificate has been issued, it cannot be changed. You have to reissue the certificate (as a new one) if you want any changes in it. You should be able to generate a certificate of wha

Certificate not approved for this operation

2008-08-22 Thread jaszay
Hi,

When you create a test certificate with signtool it is valid only for 3 months. I would like to know whether it is possible to convert a Microsoft test certificate and use it with Firefox for object signing. This is what I try to do:

1., I have a test.pfx created with Microsoft signtool valid

warning - can't find private key for this cert

2008-08-22 Thread jaszay
Hi,

I have a Verisign Digital ID Class 3 - Microsoft Software Validation v2 certificate, which I would like to use to sign my xpi.

I have followed the steps described on this page http://oyoy.eu/huh/firefox-extension-code-signed-with-spc-pvk/

Briefly

1., I use pvkimport to convert spc and pvk to

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Eddy Nigg
Gervase Markham:
> Eddy Nigg wrote:
>> Even though I'm in favor of not mixing EV and other content, I think
>> this argument is moot. Chances that such an attack on a CA is successful
>> is most likely less than having you encounter such an attack yourself.
>
> What makes you think that's true?
>

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Eddy Nigg
Gervase Markham:
>
> Exactly my point. If the CA's DNS is secure, the EV system is safe. If
> it's not, it's not. So the two are linked, and they shouldn't be.

I think you meant DV, not EV here...

>
> Note I wasn't specifically talking about this attack, which the CAs may
> well have patched agai

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Gervase Markham
Kyle Hamilton wrote:
> Even in the case where you require all-EV content, if you try to
> perform any additional matching of the Subject (which is what needs to
> be matched anyway) you're going to break third-party data feeds and
> services. For example, in the aforementioned case, even if Google

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Eddy Nigg
Nelson B Bolyard:
> Yeah, it's just not clear to me what legitimate role third party feeds
> have in an EV web page. In an http page, sure. In an EV https page?
> When the site is trying to say "You can be really sure you're dealing
> with me here", what role do third parties have in that?

I don

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Gervase Markham
Eddy Nigg wrote:
> Even though I'm in favor of not mixing EV and other content, I think
> this argument is moot. Chances that such an attack on a CA is successful
> is most likely less than having you encounter such an attack yourself.

What makes you think that's true? Attacking a CA's DNS server

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Gervase Markham
Eddy Nigg wrote:
> Well, I don't agree with the statements above. It really depends what
> kind of DNS attack it is and how prepared the CA is and what the CA does
> about it.

Exactly my point. If the CA's DNS is secure, the EV system is safe. If it's not, it's not. So the two are linked, and the

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Eddy Nigg
Heikki Toivonen:
>
> That is not good enough. As long as it is possible to spoof DNS, it is
> possible to get DV certificate for any domain.
>

Even though I'm in favor of not mixing EV and other content, I think this argument is moot. Chances that such an attack on a CA is successful is most lik

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-22 Thread Heikki Toivonen
Kyle Hamilton wrote:
> On Thu, Aug 21, 2008 at 10:24 AM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
>> I was informed privately that it means that Firefox shows EV chrome
>> indicators, even for pages that contain some DV content.
>
> Er, if this didn't happen, PayPal wouldn't be able to show chr