Re: Publishing CA information documents in PDF format

2008-12-17 Thread Eddy Nigg
On 12/17/2008 09:14 PM, Frank Hecker: Kyle Hamilton wrote: Actually, the 'threat model' is more related to versioning (via timestamp) than anything, and to ensure that no malware on my system (I try to keep it malware-free, obviously, but I also know that just because I don't think I've been hac

Re: Publishing CA information documents in PDF format

2008-12-17 Thread Frank Hecker
Kyle Hamilton wrote: Actually, the 'threat model' is more related to versioning (via timestamp) than anything, and to ensure that no malware on my system (I try to keep it malware-free, obviously, but I also know that just because I don't think I've been hacked doesn't mean I haven't been) modifi

JSS NSS sun.security.pkcs11.SunPKCS11

2008-12-17 Thread banzai
Hi all, I have tried to read all the certificates in NSS. Unfortunately the current setting only allowed listing of either soft token certificates in NSS or the smart card token. My objective is to read all the certificates inside the firefox keystores, the soft token and smart card certificates as

Re: Publishing CA information documents in PDF format

2008-12-17 Thread Kyle Hamilton
Actually, the 'threat model' is more related to versioning (via timestamp) than anything, and to ensure that no malware on my system (I try to keep it malware-free, obviously, but I also know that just because I don't think I've been hacked doesn't mean I haven't been) modifies a local copy I make.

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Nelson B Bolyard
Eddy Nigg wrote, On 2008-12-17 02:31: > On 12/17/2008 08:54 AM, Nelson B Bolyard: >> But I did dig up the URLs for the 4 CA certs, and examined those certs. >> Each of them has a separate subject name, public key, subject key ID, >> authority key ID, and of course validity period. > > As suspecte

Re: Publishing CA information documents in PDF format

2008-12-17 Thread Eddy Nigg
On 12/17/2008 06:06 PM, Frank Hecker: I've asked Kathleen Wilson in future to convert the CA information documents to PDF format before uploading them to Bugzilla. I've also converted the information document for S-TRUST to PDF myself, and uploaded it to bug 370627. Excellent! I guess Nelson ca

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Frank Hecker
Nelson B Bolyard wrote: Further, if (as the bug suggests) the REAL PRIMARY purpose of this CA is to provide German citizens with SSL client certificates, and it is not used to issue SSL server certs, then it is (or should be) unnecessary for their browsers to have this CA cert AT ALL. For SSL cl

Publishing CA information documents in PDF format

2008-12-17 Thread Frank Hecker
I've asked Kathleen Wilson in future to convert the CA information documents to PDF format before uploading them to Bugzilla. I've also converted the information document for S-TRUST to PDF myself, and uploaded it to bug 370627. As for digitally signing these PDF documents, I think we need to

Re: Signing PDF (was: DSV/S-TRUST root inclusion request)

2008-12-17 Thread Eddy Nigg
On 12/17/2008 01:45 PM, Ian G: On 17/12/08 12:29, Kyle Hamilton wrote: ... (Then again, I'd also request a signed PDF; maybe Kathleen can get a PDF signing cert from StartCom? ;)) LOL... what happens when a CA puts up a signed document? Well, you can't trust it because the CA isn't yet in the

Changing Thread Subjects

2008-12-17 Thread Eddy Nigg
Hi All, I want to encourage all participants to change the subject line if the thread starts at a specific inclusion request, but the continued discussion isn't directly related to the request itself. I admit to being guilty of this as well and I haven't changed the subject line myself many

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Ian G
On 17/12/08 12:42, Kyle Hamilton wrote: I would very much like to see the implementing regulations that they think cause them to need a new root rekey every year. Yes, worthwhile to ask for that, because it will prepare the ground for the other German CAs. But... ... and would also vi

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Ian G
On 17/12/08 02:42, Nelson B Bolyard wrote: Frank Hecker wrote: * Per German law S-TRUST issues one new root CA certificate for every year, with each root cert having a 5-year lifetime. Have they legislated that pi is 3 again? Welcome to Europe, we hope you enjoyed your flight, and will tra

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Ian G
On 17/12/08 12:29, Kyle Hamilton wrote: ... (Then again, I'd also request a signed PDF; maybe Kathleen can get a PDF signing cert from StartCom? ;)) LOL... what happens when a CA puts up a signed document? Well, you can't trust it because the CA isn't yet in the root list. In general, it

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Kyle Hamilton
I would very much like to see the implementing regulations that they think cause them to need a new root rekey every year. A new CA issued by a root, sure... but a new root? That's outlandish and a substantial burden on the browser vendors. I agree with the cross-certification aspect of Nelson'

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Ian G
On 17/12/08 11:31, Eddy Nigg wrote: On 12/17/2008 08:54 AM, Nelson B Bolyard: One of the reasons I asked the question is that MS Word files present a problem for me. I use OpenOffice, and you? Me too on both. MS Word or ODT files are a pain. I just want to read the stuff, not have to fire

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Kyle Hamilton
I would request PDF. (Then again, I'd also request a signed PDF; maybe Kathleen can get a PDF signing cert from StartCom? ;)) -Kyle H On Wed, Dec 17, 2008 at 2:31 AM, Eddy Nigg wrote: > On 12/17/2008 08:54 AM, Nelson B Bolyard: >> >> One of the reasons I asked the question is that MS Word files

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Anders Rundgren
Eddy Nigg wrote: >> So, My advice is: just say no. Don't take on the burden of adding a >> new root CA cert every year when there is no good need. Please consider >> this an objection to including those roots in the root CA list. >As indicated earlier, I think it unreasonable as well. And this

Re: DSV/S-TRUST root inclusion request

2008-12-17 Thread Eddy Nigg
On 12/17/2008 08:54 AM, Nelson B Bolyard: One of the reasons I asked the question is that MS Word files present a problem for me. I use OpenOffice, and you? Kathleen could have published those files as ODT, but I suspect that for the benefit of all users, she preferred to publish DOC files