On 15.01.2009 18:27, Reed Loden wrote:
Well, if you really want to go as far as to want mozilla.org's owner
to be MoFo, what do you say about the O= in the SSL certificate for
*.mozilla.org? The O= is currently Mozilla Corporation, rather than
Mozilla Foundation.
I don't care, myself. Not sur
Nelson B Bolyard wrote:
> 3. I wonder if the non-developer topics are already within the scope of
> another extant low-traffic list, namely dev-security (a.k.a.
> mozilla.dev.security), except that I think the new list does not belong
> in the "dev" hierarchy.
In an ideal world, it wouldn't, but i
Eddy Nigg wrote:
> On 01/05/2009 01:36 AM, Nelson B Bolyard:
>> 3. I wonder if the non-developer topics are already within the scope of
>> another extant low-traffic list, namely dev-security (a.k.a.
>> mozilla.dev.security), except that I think the new list does not belong
>> in the "dev" hierarch
Michael Ströder wrote, On 2009-01-15 08:23:
> Johnathan Nightingale wrote:
>> You may also be interested in the work on OCSP-stapling, so that no
>> third party learns about your browsing, but you still get a CA-signed
>> OCSP response. The CAs are interested in this too, since it takes the
>>
Johnathan Nightingale wrote:
> So, I will make the assertion that at least 80% of our users are not
> going to benefit from the technical details we include in that error
> message, and that while we could do another round of wording
> improvements to try to finesse that, the issue goes deeper. 80
ksreedha...@gmail.com wrote:
On Jan 14, 10:21 am, Glen Beasley wrote:
Sreedhar Kamishetti wrote:
Hello,
I just started looking at JSS.
Can some one point me to the API provided by JSS for running Power Up
and Conditional Self Tests for various cryptographic modules/algo
On Thu, 15 Jan 2009 17:23:53 +0100
Ben Bucksch wrote:
> On 15.01.2009 16:06, Johnathan Nightingale wrote:
> > I see. And what if, given that the foundation is a small entity with
> > few full time employees, they decided to contract out the management
> > of the technical side of things to, e.
Johnathan Nightingale wrote:
> On 9-Jan-09, at 9:38 AM, Michael Ströder wrote:
>> Can OCSP still be disabled? Personally I have strong privacy concerns
>> since when checking for a server cert via OCSP the OCSP responder knows
>> which server you try to access (because the FQDN is in the server cer
On 15.01.2009 16:06, Johnathan Nightingale wrote:
I see. And what if, given that the foundation is a small entity with
few full time employees, they decided to contract out the management
of the technical side of things to, e.g., the Mozilla Corporation?
They are already doing that. I am not
On 14-Jan-09, at 6:06 PM, Ben Bucksch wrote:
On 14.01.2009 20:28, Johnathan Nightingale wrote:
On 14-Jan-09, at 2:03 PM, Ben Bucksch wrote:
Foundation must hold the end of the string that controls it all -
both legally (board etc.) and technically (domain ownership, repo
backup copy (which
Jean-Marc Desperrier wrote:
> Michael Ströder a écrit :
>> [...]
>> A couple of days ago I've received a phishing spam e-mail with a
>> detailed description "how to accept the new more secure EV cert" of a
>> banking site. Obviously the goal was to trick the user to access a
>> phishing site. I did
11 matches
Mail list logo
