Hi!
Does anyone know the implemented PKCS#11 versions in the NSS versions used in
Firefox 2.x and 3.x? Is it PKCS#11 v2.11 or 2.20?
Thanks,
--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495
___
dev-tech-crypto mailing list
dev-tech-crypto@lis
Kyle,
Kyle Hamilton wrote:
So, essentially, what you're saying is that it was a targeted attack
against a user, instead of an attack targeted against a server?
Apparently, keeping track of keys in certificates placed individually
into NSS might be a good idea regardless.
The attacker absolute
So, essentially, what you're saying is that it was a targeted attack
against a user, instead of an attack targeted against a server?
Apparently, keeping track of keys in certificates placed individually
into NSS might be a good idea regardless.
-Kyle H
On Thu, Nov 6, 2008 at 5:09 PM, Nelson B Bo
Ian G wrote, On 2008-11-06 15:06:
> Nelson B Bolyard wrote:
>> Ian G wrote, On 2008-11-06 12:48:
>>> Nelson B Bolyard wrote:
What curious things do you notice about these certs?
>>> Only one key?
>> Yup. That's the biggie. It allows the MITM to get by with just a
>> single private key.
>
Ian G wrote:
Nelson B Bolyard wrote:
Ian G wrote, On 2008-11-06 12:48:
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key?
Yup. That's the biggie. It allows the MITM to get by with just a
single private key.
OK. We can of course all imagine ways
Nelson B Bolyard wrote:
Ian G wrote, On 2008-11-06 12:48:
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key?
Yup. That's the biggie. It allows the MITM to get by with just a
single private key.
OK. We can of course all imagine ways to exploit th
Ian G wrote, On 2008-11-06 12:48:
> Nelson B Bolyard wrote:
>> What curious things do you notice about these certs?
>
> Only one key?
Yup. That's the biggie. It allows the MITM to get by with just a
single private key.
> All have same Issuer + Subject?
Yeah, all self signed. All DNs consis
Kyle,
Kyle Hamilton wrote:
Should there be a check to make sure that disparate sites aren't using
the same public key modulus/exponent?
That would be fairly hard to implement reliably.
Currently, we don't persist end-entity certs of web sites in general in PSM.
Even if we did, what is the l
...and they're all using MD5?
-Kyle H
On Thu, Nov 6, 2008 at 12:48 PM, Ian G <[EMAIL PROTECTED]> wrote:
> Nelson B Bolyard wrote:
>>
>> What curious things do you notice about these certs?
>
>
> Only one key? All have same Issuer + Subject?
>
> iang
>
Aside from the fact that they all claim to be issued by themselves,
but the key modulus is the same across all of them?
Perhaps the fact that they're all version 3 certificates that don't
show any version 3 extensions, such as "keyUsage" and
"extendedKeyUsage"?
Should there be a check to make sur
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key? All have same Issuer + Subject?
iang
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
What curious things do you notice about these certs?
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1224169969 (0x48f759f1)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: "CN=unaportal.una.edu,O=University of North Alabama"
Validity:
Dean wrote, On 2008-11-06 04:47 PST:
> I entered a defect with test case for this a while back and have not
> seen any comments on it.
Yeah, 4 days ago. Be patient. Thanks.
> https://bugzilla.mozilla.org/show_bug.cgi?id=458251
/Nelson
Bernie Sumption wrote, On 2008-11-06 03:57:
> Graham, Nelson, Eddy, you all make good points.
>
> I'll take your word for it that it's impossible to detect MITM attacks
> with 100% reliability, as I said I'm not a security expert.
>
> How about an MITM detection service that gives no false positi
Specifically it's built from Red Hat Enterprise Linux (RHEL) sources with the
Red Hat proprietary pieces removed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Kai Engert
Sent: Thursday, November 06, 2008 8:26 AM
To: mozilla's crypto code discussion l
Nelson B Bolyard wrote:
Pardon my ignorance, but, what is CentOS ?
CentOS is the name of a Linux distribution.
Kai
Has anybody else seen or been able to reproduce this?
Using JSS, if you create an SSLServerSocket with need or want client
auth set to true, and you attempt a handshake with a client that does
not send a client certificate, JSS throws some native exception that
brings down the VM.
Thread: main (pri
Graham, Nelson, Eddy, you all make good points.
I'll take your word for it that it's impossible to detect MITM attacks
with 100% reliability, as I said I'm not a security expert.
How about an MITM detection service that gives no false positives, but
might give false negatives? If you positively i
David E. Ross wrote, On 2008-11-05 16:10:
> I'm having a problem with a credit union's Web site (which prompted my
> other message "IP Address Question" in mozilla.support.seamonkey).
>
> Sometimes when I access the site's home page -- which is https --
> everything is okay; a secure session is es
19 matches