On 2009-06-04 02:23 PDT, Néric wrote:
> Context:
>
> I am working on PKI cross certification using a PKI bridge.
> To fetch missing certificates, I use the following AIA certificate
> extension:
>
> CA Issuer: URI : http://_...@ftp_server__/.../bundle.p7c
>
> where bundle.p7c contains the missin
On 2009-06-04 16:55 PDT, Wan-Teh Chang wrote:
> On Thu, Jun 4, 2009 at 1:15 PM, Nelson B Bolyard
> wrote:
>> There is a similar function for suspending and restarting the SSL
>> handshake processing at another point where there may be long delays,
>> namely, when the user needs to choose a cert w
> How about the subject key ID? Did it change?
No, it didn't. The key and SKI stayed the same.
...
> New Mozilla browsers released after this date do not and will not have the
> problem you described above. So, it should not be necessary to retain the
> MD2 certs in the root list for these new
> How about the subject key ID? Did it change?
No, it didn't. The key and SKI stayed the same.
...
> New Mozilla browsers released after this date do not and will not have the
> problem you described above. So, it should not be necessary to retain the
> MD2 certs in the root list for these new
> How about the subject key ID? Did it change?
No, it didn't. The key and SKI stayed the same.
...
> New Mozilla browsers released after this date do not and will not have the
> problem you described above. So, it should not be necessary to retain the
> MD2 certs in the root list for these new
On Thu, Jun 4, 2009 at 1:15 PM, Nelson B Bolyard wrote:
>
> The SSL client session cache only caches the server cert, not the
> server cert chain. So, unless you arrange to save the server cert chain,
> the chain will always be incomplete for a session resumption.
>
> At it happens, PSM saves int
agentma...@hotmail.com wrote:
Hi,
I am trying to run the following example code for Mozilla-JSS provider
but it always gives:"java.security.InvalidKeyException: Key is not the
right type for this algorithm" for init function. The same code runs
perfectly fine with Sun default provider.
I too
agentma...@hotmail.com wrote:
Hi,
I am trying to run the following example code for Mozilla-JSS provider
but it always gives:"java.security.InvalidKeyException: Key is not the
right type for this algorithm" for init function. The same code runs
perfectly fine with Sun default provider.
I too
On 2009-06-03 19:16 PDT, Wan-Teh Chang wrote:
>> That means that you always put the cert and its chain into the client's
>> cache, and cache the negotiated SSL session, where it will be restarted
>> by future attempts to connect to the same host/port. This seems
>> inadvisable.
>
> Yes, that's a
Eddy Nigg wrote:
>> A guesstimate is that less than 1 out of 10 000 smart cards actually
>> are provisioned with .
> Can you backup your statement with facts please?
I wrote "guesstimate". However, if we exclude a limited number
of security nerds (that mainly produce cards for themselves), and
agentma...@hotmail.com wrote:
Hi,
I created the db and added a certificate using these commands:
./certutil -N -n servercert -x -t "TCu,TCu,TCu" -s "CN=TestCA,
OU=Test, O=Test, L=Some City, ST=CA, C=US" -m 2 -d /tmp -f passfile
./certutil -S -n servercert -x -t "TCu,TCu,TCu" -s "CN=TestCA,
OU=T
On 06/04/2009 09:40 PM, Anders Rundgren:
A guesstimate is that less than 1 out of 10 000 smart cards actually
are provisioned with .
Can you backup your statement with facts please?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
A guesstimate is that less than 1 out of 10 000 smart cards actually
are provisioned with . There are two reasons for that:
1. does not support the information/processes involved
2. current smart cards are unsuitable for on-line provisioning by end-users
Due to this smart cards are general
Context:
I am working on PKI cross certification using a PKI bridge.
To fetch missing certificates, I use the following AIA certificate
extension:
CA Issuer: URI : http://_...@ftp_server__/.../bundle.p7c
where bundle.p7c contains the missing certificates (pkcs7 format).
***
Hi,
I created the db and added a certificate using these commands:
./certutil -N -n servercert -x -t "TCu,TCu,TCu" -s "CN=TestCA,
OU=Test, O=Test, L=Some City, ST=CA, C=US" -m 2 -d /tmp -f passfile
./certutil -S -n servercert -x -t "TCu,TCu,TCu" -s "CN=TestCA,
OU=Test, O=Test, L=Some City, ST=CA,
On Wed, Jun 3, 2009 at 3:31 PM, Ian Hickson wrote:
>> Which is more likely to be adopted as a cross browser standard? A new
>> html tag? or a new JavaScript object/method?
>
> It would presumably depend on how it is to be used. If it's for form
> submission, then an element would make more sense.
16 matches
Mail list logo
