Jean-Daniel,
Jean-Daniel wrote:
Since the death of OpenDarwin, I think the only Darwin stand alone
projet is PureDarwin.
But there is not yet a stable version. And in the list of required
processor, all listed processor have SSE2.
http://www.puredarwin.org/users/prerequisites
Theoretically it
On Jan 24, 1:09 am, Julien R Pierre - Sun Microsystems
wrote:
> Jean-Daniel,
>
> Jean-Daniel wrote:
> > Everything is green.
>
> Great !
>
> > The new asm file does not try to determine at runtime if SSE2 is
> > present, but it does it at compile time.
> > By default the Apple GCC version define _
Hi,
I think there is an SSL blacklist as well.
Yes, there is. I am specifically asking if someone has published the
actual private key data - the actual keys, not a list. I do not know if
it would be good for such a list to become public as it would make
exploiting the vulnerability easier f
Jean-Daniel wrote, On 2009-01-21 07:43:
>> What OS?
>
> Mac OS 10.5.6 (darwin 9.6.0)
Pardon my display of ignorance regarding MacOS/X, but ...
What exactly is darwin?
Is it just another name for MacOS X?
Is it MacOS X for x86 PCs?
Is it some alternative to Apple's standard Mac OS X?
or ??
--
de
Julien R Pierre - Sun Microsystems wrote, On 2009-01-23 16:09:
> Jean-Daniel,
> Please open a bug in bugzilla, and attach your patches there, as well as
> information from this thread.
That bug already exists. The patch is already attached.
Search for NSS bugs with Darwin in the subject.
--
de
Jean-Daniel,
Jean-Daniel wrote:
Everything is green.
Great !
The new asm file does not try to determine at runtime if SSE2 is
present, but it does it at compile time.
By default the Apple GCC version define __SSE2__, so the default is to
use it on Mac.
And as mention before, all supported M
Jean-Daniel,
Jean-Daniel wrote:
In fact, I do not directly use the OpenSSL generator, I'm using the
CDSA keygen API and it return a PKCS1 public key and a PKCS8 private
key.
After that, I can decode the public key using SEC_ASN1DecodeItem with
the SECKEY_RSAPublicKeyTemplate and I can use
PK11
On 23/1/09 21:56, Florian Weimer wrote:
* Michael Ströder:
Florian Weimer wrote:
What about requiring that all certificates must be published by the CA
(including sub-CAs)?
No, this might lead to also revealing internal DNS names never meant to
be public.
Huh? Typical CA policies explicitl
"Having said that, neither myself nor the company I run have gained
financially from this - currently it seems that all CAs have taken
damage. Reckless behavior is ruining our businesses, the trust we try
to
build and the strengthening of Internet security at large is put into
jeopardy. It is my du
On 01/23/2009 10:56 PM, Florian Weimer:
* Michael Ströder:
Florian Weimer wrote:
What about requiring that all certificates must be published by the CA
(including sub-CAs)?
No, this might lead to also revealing internal DNS names never meant to
be public.
Huh? Typical CA policies explicitl
* Michael Ströder:
> Florian Weimer wrote:
>> What about requiring that all certificates must be published by the CA
>> (including sub-CAs)?
>
> No, this might lead to also revealing internal DNS names never meant to
> be public.
Huh? Typical CA policies explicitly state that subscriber
certific
* Chris Hills:
> Florian Weimer wrote:
>>> Perhaps Mozilla should change its policy to require CAs to revoke certs
>>> when the private key is known to be compromised, whether or not an attack
>>> is in evidence, as a condition of having trust bits in Firefox.
>>
>> I don't think this can be made
Johnathan Nightingale wrote, On 2009-01-22 13:37:
> I would love a way to query the data directly, do you know of such a
> front end, particularly for SQLite?
I suppose you meant a "front end" for a web server, where the results
appear in web pages. I don't have one of those.
There is a Fir
* Jan Schejbal:
> I know, but they are SSH only as far as I can see. Is there such a
> release for SSL? And would you consider such a release a good idea? (I
> see little value for both attackers and legitimate use)
You need it if someone claims that your weak key detector has a false
positive be
Hi all and excuse my english,
I'm using the next two lines in an applet and run it on windows xp.
com.sun.deploy.config.Config con = new com.sun.deploy.config.WinConfig();
System.out.println("firefox?? "+con.isBrowserFireFox());
On FF2 the result is "firefox?? true", but on FF3 is "firefox?? fal
On 01/23/2009 04:02 PM, Eddy Nigg:
I don't get it. Is 3% of all web sites a risk high enough to take
(force) actions or not? Or the chance to explode in your care during the
life-time of said car?
To make it crystal-clear. 3% of all web sites were affected by weak
keys, keys which were publi
On 01/23/2009 03:44 PM, Ian G:
Yet we all do it. And, it should be entirely logical that if a chance of
a fireball does not measurably change that risk
I guess 3% is a high enough risk even for somebody like you.
I don't get it. Is 3% of all web sites a risk high enough to take
(force) act
On 01/23/2009 03:59 PM, Jan Schejbal:
Hi,
[weak keys]
Some of them can be found here:
http://metasploit.com/users/hdm/tools/debian-openssl/
I know, but they are SSH only as far as I can see. Is there such a
release for SSL? And would you consider such a release a good idea? (I
see little valu
Hi,
[weak keys]
Some of them can be found here:
http://metasploit.com/users/hdm/tools/debian-openssl/
I know, but they are SSH only as far as I can see. Is there such a
release for SSL? And would you consider such a release a good idea? (I
see little value for both attackers and legitimate u
On 23/1/09 13:52, Eddy Nigg wrote:
Yet we all do it. And, it should be entirely logical that if a chance of
a fireball does not measurably change that risk
I guess 3% is a high enough risk even for somebody like you.
I'm curious, do you think that other people will respect childish
commen
On 01/23/2009 02:26 PM, Ian G:
Sigh. You destroy your own argument. We *all know* but some of us choose
to ignore that driving a car is a very risky thing, and people die all
the time.
Well, sorry, I'm not in your camp nor do I see it this way. We strife
for 100% whenever possible. This was cl
On 22/1/09 16:58, Eddy Nigg wrote:
Supposed you own a car which has the flaw that once in a while the
engine explodes in a huge fireball. Now the vendor of the car knows
about it and recalls all cars for a fix. Otherwise the car vendor would
be liable to any damage their cars may so - specially s
On 01/22/2009 11:37 PM, Johnathan Nightingale:
I would love a way to query the data directly, do you know of such a
front end, particularly for SQLite?
I know very little about sqlite really.
If not, if you know of a generic
DB-browsing front end for something like MySQL, I can look at portin
On 22/1/09 22:37, Johnathan Nightingale wrote:
It's certainly possible to add sites, though as I said in the post, it's
not my aim to be exhaustive. I just want to be thorough enough to be
able to draw meaningful conclusions from the data.
That's fine by me. I don't think you can be exhausti
Thanks for your thoughts Nelson.
There's one big problem with this idea of a certificate extension for
additional signatures, which I hadn't thought of before (Thanks to Paul H for
spotting it!)...
For the additional signature(s) to become especially useful, the primary
signature on the certifi
25 matches
Mail list logo
