Re: questions on root creation

2008-09-24 Thread Nelson Bolyard
Ian G wrote, On 2008-09-24 05:12: > Nelson B Bolyard wrote: >> Ian G wrote: >>> Nelson B Bolyard wrote: >>> The curiosity here is that the Certificate Policies extension may >>> not be shown prominently by software. As the point of the cert is >>> to make some claim to the user, and the essence of

Re: enabling crypto hardware for NSS

2008-09-24 Thread Nelson Bolyard
capricieuse wrote, On 2008-09-24 05:04: > I am developing an application for signing Web Formular and I'm using > a UsbToken to get to the Private Key. > I want that my application connect from the server side to client > side and load information from the Token to the server where the > signature

Re: Working on Perl bindings for NSS

2008-09-24 Thread Frank Hecker
Wan-Teh Chang wrote: > On Wed, Sep 24, 2008 at 2:28 AM, Claes Jakobsson <[EMAIL PROTECTED]> wrote: >> The module itself will be licenced under the MIT license so if you >> want to include it with the nss distro please feel free to do so. >> >> My SVN repo is at http://svn.versed.se/public/ (altho

Re: Re-reading certificates at runtime - Java

2008-09-24 Thread Nelson B Bolyard
Wan-Teh Chang wrote, On 2008-09-24 11:24: > On Tue, Sep 23, 2008 at 11:35 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: >> David B Hinz wrote: >>>In the Java code the JSS (or libjss.so) code is apparently holding on to >>>the certificates when it first reads them. When the certs are chan

Re: Working on Perl bindings for NSS

2008-09-24 Thread Wan-Teh Chang
On Wed, Sep 24, 2008 at 2:28 AM, Claes Jakobsson <[EMAIL PROTECTED]> wrote: > Hi, > > I just wanted to drop a note saying that I'm working on Perl bindings > for NSS. I saw there was a previous discussion about using SWIG but > imho swig doesn't produce a very Perl-like API. > > I'm starting with

Re: Error in CERT_ImportCerts

2008-09-24 Thread Nelson B Bolyard
brianhks wrote, On 2008-09-24 08:16: > The following is my code to import a der encoded CA certificate. I'm > getting a memory access down in CERT_ImportCerts. It looks like it is > trying to access a pointer that is set to 0x3 instead of a valid > pointer. > > So I have two questions: is this co

Re: Re-reading certificates at runtime - Java

2008-09-24 Thread Wan-Teh Chang
On Tue, Sep 23, 2008 at 11:35 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > David B Hinz wrote: >>In the Java code the JSS (or libjss.so) code is apparently holding on to >>the certificates when it first reads them. When the certs are changed >>in the /home/user/.ldapcerts/key3.db

Re: Generate PKCS12 not containing CA certificates

2008-09-24 Thread Nelson B Bolyard
Paco wrote, On 2008-09-24 04:17: > On 22 sep, 21:19, Nelson B Bolyard wrote: > you can't also export a pkcs12 containing just CA certificates, which I > believe is something accepted in the pkcs12 standard, Mere certificates which need no encryption. There is no need to use PKCS#12 to transfer the

Error in CERT_ImportCerts

2008-09-24 Thread brianhks
The following is my code to import a der encoded CA certificate. I'm getting a memory access down in CERT_ImportCerts. It looks like it is trying to access a pointer that is set to 0x3 instead of a valid pointer. So I have two questions: is this code the correct way of doing it? Does anyone have

Re: questions on root creation

2008-09-24 Thread Eddy Nigg
On 09/24/2008 03:12 PM, Ian G: > Nelson B Bolyard wrote: >> For PKI to work with ordinary mom-N-pop users, there must be a small >> set of claims common to all CAs honored by a browser. > > > Um. Can you point to that small set of claims? > He meant perhaps this: http://www.mozilla.org/projects/

Re: questions on root creation

2008-09-24 Thread Ian G
Nelson B Bolyard wrote: > Ian G wrote: >> Nelson B Bolyard wrote: > >> The curiosity here is that the Certificate Policies extension may >> not be shown prominently by software. As the point of the cert is >> to make some claim to the user, and the essence of that claim is >> somehow pertinent to

Re: enabling crypto hardware for NSS

2008-09-24 Thread capricieuse
I am developing an application for signing Web Formular and I'm using a UsbToken to get to the Private Key. I want that my application connect from the server side to client side and load information from the Token to the server where the signature system will be achieved. First I'm not sure that t

Re: Generate PKCS12 not containing CA certificates

2008-09-24 Thread Paco
On 22 sep, 21:19, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Paco wrote, On 2008-09-21 23:46: > > > I read the elf headers for every > > shared library distributed with firefox and the symbol > > SEC_PKCS12AddCertAndKey was defined, but SEC_PKCS12AddCert and > > SEC_PKCS12AddKeyForCert weren't

Working on Perl bindings for NSS

2008-09-24 Thread Claes Jakobsson
Hi, I just wanted to drop a note saying that I'm working on Perl bindings for NSS. I saw there was a previous discussion about using SWIG but imho swig doesn't produce a very Perl-like API. I'm starting with the SSL bits since that's what I personally need currently but eventually I'll try t

Re: questions on root creation

2008-09-24 Thread Ian G
Paul Hoffman wrote: > At 2:29 PM -0700 9/22/08, Nelson B Bolyard wrote: >> Ian G wrote, On 2008-09-22 09:45: >> > * Naming - any constraints? >>> + O >>> + CN >>> + OU - optional? >>> + Firefox 3 displays O whereas Thunderbird displays CN. >>>What is the preference he

Re: questions on root creation

2008-09-24 Thread Ian G
Ian G wrote: > Paul Hoffman wrote: >> NIST's tables are for "Federal Government unclassified applications" >> (see the table intro on page 65). NIST does not set the rules for US >> Govt secrets; the NSA does. See >> . > > Thank you Nelson! M

Re: questions on root creation

2008-09-24 Thread Ian G
Paul Hoffman wrote: > At 4:59 PM -0700 9/23/08, Nelson B Bolyard wrote: >> In finality, you have to pick a table from someone you believe has done a >> really good job of analyzing it. > > Right. > >> Given that NIST's tables are the basis >> for the US Government's protection of its own secrets,