CA switched to SHA-1?

2009-02-03 Thread Michael Kohler
Good evening, have now all CAs switched to SHA-1 encryption due the MD5 collision attack on CA certs? Michael -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: newbie problems with certutil and signtool

2009-02-03 Thread David Tiertant
David Tiertant wrote: Howdy, I'm working in InstallShield to create a web installer for one of our software packages. The installer for IE builds fine, but Firefox requires a Netscape certificate. InstallShield is supposed to build this automatically, but something is wrong with my settings a

Re: newbie problems with certutil and signtool

2009-02-03 Thread David Tiertant
Still not signing correctly. :( David Tiertant wrote: David Tiertant wrote: Howdy, I'm working in InstallShield to create a web installer for one of our software packages. The installer for IE builds fine, but Firefox requires a Netscape certificate. InstallShield is supposed to build this

newbie problems with certutil and signtool

2009-02-03 Thread David Tiertant
Howdy, I'm working in InstallShield to create a web installer for one of our software packages. The installer for IE builds fine, but Firefox requires a Netscape certificate. InstallShield is supposed to build this automatically, but something is wrong with my settings and I'm having some dif

Howto sign CRMF requests?

2009-02-03 Thread axi...@googlemail.com
I created a certification request (CRMF) programmatically with JavaScript/Firefox using the crypto.generateCRMFRequest() method. Now I'd like to sign this request on a server and generate a response (CMMF) to be imported via JavaScript/Firefox using the crypto.importUserCertificates () method. Is

Re: SECOM Trust EV root inclusion request

2009-02-03 Thread Eddy Nigg
On 02/03/2009 01:47 PM, Johnathan Nightingale: We're talking with our existing CRL-based EV CAs as we speak to work out a better solution for 3.1, now that the underlying NSS validation code is (correctly) treating absence of CRL (albeit due to our own lack of CRLDP support, until recently patent

Re: SECOM Trust EV root inclusion request

2009-02-03 Thread Johnathan Nightingale
Eddy Nigg wrote: On 02/03/2009 08:05 AM, Kaspar Brand: Mozilla currently includes EV enabled roots of CAs which do not yet provide OCSP respondes for their server certs. Correct and this is a problem for both the CA and Mozilla... It's supposed to do so, but current Firefox versions will hap

Re: SECOM Trust EV root inclusion request

2009-02-03 Thread Eddy Nigg
On 02/03/2009 08:05 AM, Kaspar Brand: Mozilla currently includes EV enabled roots of CAs which do not yet provide OCSP respondes for their server certs. Correct and this is a problem for both the CA and Mozilla... It's supposed to do so, but current Firefox versions will happily show the EV i