Re: revocation of roots

2008-10-21 Thread Julien R Pierre - Sun Microsystems
Paul, Paul Hoffman wrote: I disagree with Julien on two items in this thread. At 5:31 PM -0700 10/20/08, Julien R Pierre - Sun Microsystems wrote: If the root could "revoke itself", in the case of root cert key compromise, ie. the root cert's private key becoming public, anybody could then si

Re: revocation of roots

2008-10-21 Thread Julien R Pierre - Sun Microsystems
Kyle, Kyle Hamilton wrote: On Mon, Oct 20, 2008 at 5:31 PM, Julien R Pierre - Sun Microsystems <[EMAIL PROTECTED]> wrote: If the root could "revoke itself", in the case of root cert key compromise, ie. the root cert's private key becoming public, anybody could then sign revocation information f

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-21 Thread Ian G
Frank Hecker wrote: > Ian G wrote: >> The goals of Mozo are written somewhere else, and they only speak >> softly to the issue of security from memory. I think it is worth >> revisiting them, perhaps someone has them to hand? > > Are you referring to the high-level goals of the Mozilla Foundation

Re: revocation of roots

2008-10-21 Thread Paul Hoffman
At 2:02 PM + 10/21/08, Frank Hecker wrote: >Paul Hoffman wrote: >>If you want to be able to "revoke" roots, please consider instead >>getting active in the current work on TAMP (trust anchor management >>protocol) being discussed in the PKIX WG. > >Thanks for the suggestion; I presume that >

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-21 Thread Ian G
Frank Hecker wrote: > [I'm trying to catch up on these threads, my apologies for the delay. I > don't have time to respond to every message, unfortunately.] (I understand, I also feel the pressure.) > Ian G wrote: >> If that was true, there would likely be an agreement between Mozilla >> and Ver

Re: revocation of roots

2008-10-21 Thread Kyle Hamilton
On Mon, Oct 20, 2008 at 5:31 PM, Julien R Pierre - Sun Microsystems <[EMAIL PROTECTED]> wrote: > > If the root could "revoke itself", in the case of root cert key compromise, > ie. the root cert's private key becoming public, anybody could then sign > revocation information for that root CA - wheth

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-21 Thread Frank Hecker
Ian G wrote: The goals of Mozo are written somewhere else, and they only speak softly to the issue of security from memory. I think it is worth revisiting them, perhaps someone has them to hand? Are you referring to the high-level goals of the Mozilla Foundation (not necessarily security-rela

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-21 Thread Frank Hecker
[I'm trying to catch up on these threads, my apologies for the delay. I don't have time to respond to every message, unfortunately.] Ian G wrote: If that was true, there would likely be an agreement between Mozilla and Verisign (following the above RPA tradition) explicitly giving Mozilla permi

Re: revocation of roots

2008-10-21 Thread Frank Hecker
Paul Hoffman wrote: If you want to be able to "revoke" roots, please consider instead getting active in the current work on TAMP (trust anchor management protocol) being discussed in the PKIX WG. Thanks for the suggestion; I presume that http://www.ietf.org/internet-drafts/draft-ietf-pkix-t

Re: MITM in the wild

2008-10-21 Thread Eddy Nigg
Ian G: Nelson B Bolyard wrote: It is widely agreed that, since KCM has no central revocation facility, KCM is not central, period. Talking about revocation is a strawman. I think that's the point he is making. What's your point? Sounds to me like most of the last 1000 security bugs. P