Re: Can NSS be used to get a FIPS approved IPSec?

2008-10-01 Thread Julien R Pierre - Sun Microsystems
Jim, Knoke, Jim wrote: > I see that NSS can be used for a number of applications in order to make > those apps FIPS-certified, but I'm not clear on whether it can be used > for IPsec. Will an IKE daemon like raccoon actually use the NSS stuff? > Would ESP functionality buried in the network sta

Re: Unable to read PKCS#8 file generated using OpenSSL command line tool

2008-10-01 Thread Julien R Pierre - Sun Microsystems
David, David Stutzman wrote: >> If you are only trying to protect the private key from being >> extracted, >> then the answer is obvious - don't use a software token, use >> an HSM that >> stores the key in such a way that it cannot be extracted. > > And when Julien says HSM, a USB crypto tok

Can NSS be used to get a FIPS approved IPSec?

2008-10-01 Thread Knoke, Jim
I see that NSS can be used for a number of applications in order to make those apps FIPS-certified, but I'm not clear on whether it can be used for IPsec. Will an IKE daemon like raccoon actually use the NSS stuff? Would ESP functionality buried in the network stack use the NSS algorithms? I'm not

Re: FedoraCryptoConsolidation. Was: freedesktop.org secret storage project

2008-10-01 Thread Kyle Hamilton
I still think USB has a much higher chance of a high adoption rate. But, the ISO has Spoken, which is where we got the abomination that is X.500/X.509 and also the abomination that is the Smart Card Interface. -Kyle H On Wed, Oct 1, 2008 at 3:44 AM, Anders Rundgren <[EMAIL PROTECTED]> wrote: > ht

Re: Unable to read PKCS#8 file generated using OpenSSL command line tool

2008-10-01 Thread Elio Maldonado Batiz
My comments inline Robert Relyea wrote: > Subrata Mazumdar wrote: >> Bob, >> I implemented the importing and exporting of private key from PKCS#8 >> file using NSS API. >> Here is what I found based on my testing : >> >> Using Mozilla NSS API, I can only import/export private key in PKCS#8 >> fo

FedoraCryptoConsolidation. Was: freedesktop.org secret storage project

2008-10-01 Thread Anders Rundgren
http://fedoraproject.org/wiki/FedoraCryptoConsolidation It is understandable that the Linux community is looking with a certain envy on Microsoft's and Apple's united crypto architectures. I'm personally unconvinced that there is much point in trying to mimic these schemes due to the fact that cr

RE: Unable to read PKCS#8 file generated using OpenSSL command line tool

2008-10-01 Thread David Stutzman
> If you are only trying to protect the private key from being > extracted, > then the answer is obvious - don't use a software token, use > an HSM that > stores the key in such a way that it cannot be extracted. And when Julien says HSM, a USB crypto token would provide security vastly superi

Re: freedesktop.org secret storage project

2008-10-01 Thread Graham Leggett
Michael Leupold wrote: I'm the maintainer of the KDE Wallet system and I'm currently in process of starting a freedesktop.org specification for storage for secret information like passwords or certificates. Other people involved in this project are the gnome keyring developer and developers of o

Re: freedesktop.org secret storage project

2008-10-01 Thread Anders (TELIA)
Hi Michael, I'm running a potentially "combinable" project: http://webpki.org/papers/keygen2/keygen-all-protocol-steps.html Although PKCS #12 is cool, it is hardly for the masses and generateCRMFRequest is a bit on the primitive side since it for example doesn't allow issuers to set PIN policies.

Re: freedesktop.org secret storage project

2008-10-01 Thread Martin Paljak
A good idea. But please do not forget that keyrings can also contain 'real keys' and try to mimic apple keychain - do not forget hardware cryptography solutions such as smart cards. Absence of a common API and generic fragmentation of *nix world (openssl, nss, pkcs11, gnutls, openssh etc et

freedesktop.org secret storage project

2008-10-01 Thread Michael Leupold
Hi, (Someone directed me here after posting to dev-apps-firefox - I hope this is the right list) I'm the maintainer of the KDE Wallet system and I'm currently in process of starting a freedesktop.org specification for storage for secret information like passwords or certificates. Other people invo