Ian G wrote:
> "SSL protects data in transit but the problem isn't eavesdropping on the
> transmission. Someone can steal the credit card on some server
> somewhere. The real risk is data in storage. SSL protects against the
> wrong problem," he said.
That's like saying "No, no, mugging isn't a pr
Paul,
Paul Hoffman wrote:
It seems to me also that a self-signed certificate marked as a trust anchor,
ie. a root, probably shouldn't have an AIA extension.
Wait. No kind of certificate is marked as a trust anchor. I assume you probably me
"root" as in a self-signed cert with the CA bit tur
Eddy Nigg wrote:
On 12/27/2008 12:44 AM, Subrata Mazumdar:
A related question:
Is it possible to configure the NSS Soft-Token associated with the
internal slot like smart-card based token so that the private key key
cannot be exported out of the token?
If not, would it be useful feature to suppo
On 2-Jan-09, at 2:00 AM, Ian G wrote:
On 2/1/09 03:44, Kyle Hamilton wrote:
If he's a security and user interface expert, why is the security UI
so appallingly *bad*?
Not answering for gerv, but I would say: he is the human shield,
against all influences, inside and outside!
He's only on
On Dec 31 2008, 12:28 am, "Kyle Hamilton" wrote:
> (note: "unknown_issuer" without talking at all about who the issuer
> claims to be
you're missing a critical point:
the issuer is something about which we know nothing.
someone could claim "issuer: GOD" or "issuer: POTUS" or "issuer:
VeriSign".
On Dec 25 2008, 12:36 am, "Kyle Hamilton" wrote:
> To be honest, Mozilla doesn't distribute keytool with Firefox, which
> means that I have to try to go into the
> (unbatchable) interface
this is false.
the ui is built as xul with js bindings to c++ objects which use idl
to expose methods. the j
Is there any way I can suck back the last two messages I sent on this thread
and pretend they never happened? I guess not.
Please ignore my assertions about what the AIA extension does: I was completely
wrong. As we were making the AIA extension in the PKIX WG, we discussed
multiple proposals,
On 6/1/09 05:39, Kyle Hamilton wrote:
... since the policies of
Mozilla's root program maintain the requirements imposed by ANSI X9
*for financial certification authorities*.
Er, they do? Where is that?
iang
___
dev-tech-crypto mailing list
dev-t
On 5/1/09 22:16, Nelson B Bolyard wrote:
Ian G wrote, On 2009-01-05 11:28:
We know as a more or less accepted fact that the design of secure
browsing was for Credit Cards,
I believe that you've accepted that as fact. But PR and marketing is not
design. It was designed for MUCH more than mere
On 6/1/09 04:01, Eddy Nigg wrote:
On 01/06/2009 04:51 AM, Julien R Pierre - Sun Microsystems:
It seems to me also that a self-signed certificate marked as a trust
anchor, ie. a root, probably shouldn't have an AIA extension. At least
it wouldn't make much sense for it to point to any OCSP respon
Looking at the http://www.win.tue.nl/hashclash/rogue-ca/ attack
specifically...
The "Equifax Secure Global eBusiness CA-1" self-signed Root Certificate trust
anchor does *not* contain the Authority Info Access extension or CRL
Distribution Points extension.
The Rogue CA Certificate does *not* c
11 matches
Mail list logo
