Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Nelson B Bolyard
Eddy Nigg wrote, On 2008-09-17 16:52: > There is absolutely no security issue at all with following the AIA CA > Issuer extension, otherwise FF could not use the same extension to find > the OCSP responder URL either. Nevertheless NSS does exactly that...uses > the OCSP URL listed in the AIA ext

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Eddy Nigg
On 09/18/2008 03:06 AM, Wan-Teh Chang: > It would be nice to contribute a patch for Apache/mod_ssl to validate > its own certificate chain at startup. > Perhaps then you should also offer a patch for IIS ;-) Ironic as it may sound, but as a matter of fact, Windows servers serve more secured web

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Wan-Teh Chang
On Wed, Sep 17, 2008 at 4:52 PM, Eddy Nigg <[EMAIL PROTECTED]> wrote: > > I've been banging my head against a wall here because of this FUD and > about misinformation which is absolutely incorrect. Sad, because there > are many FF users running into it. And it doesn't help to ignore the > fact that

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Eddy Nigg
On 09/18/2008 02:05 AM, David E. Ross: > Note that this is not a unique situation. See bug #390835 at > . Unfortunately, > Internet Explorer (IE) works around this situation by searching the > Internet for missing intermediate certificates. I

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread David E. Ross
On 9/16/2008 7:12 AM, Fabio Spelta wrote: > Hello everybody and thanks for reading. > > Many educational institutions, among which there are various Italian > universities, are using X.509 certificates issued by the "Cybertrust > Educational CA" for their websites. > In Italy such certificates are

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Eddy Nigg
On 09/18/2008 01:37 AM, Kyle Hamilton: > Perhaps, Eddy, StartCom's roots were only approved for SSL Certificate > Authority. Did you not include a request for Email or Software > Development bits? > StartCom roots have currently email and server trust bits set on. There is currently a bug for en

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Kyle Hamilton
Perhaps, Eddy, StartCom's roots were only approved for SSL Certificate Authority. Did you not include a request for Email or Software Development bits? -Kyle H On Wed, Sep 17, 2008 at 11:11 AM, Eddy Nigg <[EMAIL PROTECTED]> wrote: > On 09/17/2008 09:01 PM, Nelson Bolyard: >> I wouldn't call it a

Re: How to encrypt raw data

2008-09-17 Thread Nelson B Bolyard
Francisco Puentes wrote, On 2008-09-17 14:27: > Yes, I know. > > Precisely I need RSA to encrypt a buffer to exchange sessions keys (very > small xml document), which will be used to encrypt the session with AES. > > So :-) Can NSS encrypt raw data? With RSA? NSS was designed around the FIPS 14

RE: How to encrypt raw data

2008-09-17 Thread Francisco Puentes
Yes, I know. Precisely I need RSA to encrypt a buffer to exchange session keys (very small xml document), which will be used to encrypt the session with AES. So :-) Can NSS encrypt raw data? -Original message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Nelson Bolyard E

Re: How to encrypt raw data

2008-09-17 Thread Nelson Bolyard
Francisco Puentes wrote, On 2008-09-17 11:43: > Can NSS encrypt raw data? > > I have got into my code a pair of RSA keys generated and now I need > encrypt/decrypt binary data. > Something like: > > RSA_encrypt([public or private]key, void*in_data, long in_length, > void*out_data, long*out

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Fabio Spelta
> Yes, that's the right solution. It was, indeed. Testing it with other browsers worked flawlessly, thus the misunderstanding. Thank you very much, -- Fabio

How to encrypt raw data

2008-09-17 Thread Francisco Puentes
Can NSS encrypt raw data? I have a pair of RSA keys generated in my code and now I need to encrypt/decrypt binary data. Something like: RSA_encrypt([public or private]key, void*in_data, long in_length, void*out_data, long*out_length); Does it exist?

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Nelson Bolyard
Eddy Nigg wrote, On 2008-09-16 11:46: > The CA certificate you referred above is signed by a CA root which is > included in NSS. Therefore the error you are seeing is a server side > installation failure and the server doesn't send the complete chain. Thanks for noticing that, Eddy. > This ha

Re: About the Cybertrust Educational CA certificate

2008-09-17 Thread Eddy Nigg
On 09/17/2008 09:01 PM, Nelson Bolyard: > I wouldn't call it a "known issue with Mozilla based products". > It's a requirement of the SSL/TLS specifications. That's correct. > It's an issue with servers that are not configured to conform to those > specifications. Right, but as I mentioned elsew

Re: Re-reading certificates at runtime - Java

2008-09-17 Thread Nelson B Bolyard
David B Hinz wrote, On 2008-09-11 09:13: > We are still encountering the problem detailed below that was described by > Steve over a year ago. > > Is there anyone that can provide some insight on how we can solve this > problem? > > What happens is that some of our applications must run 24x7 yet