Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Eddy Nigg
On 07/24/2009 03:40 AM, Ian G: Well, Eddy, I'm sorry that you feel things that you don't understand are stupid. I understand you very well and you know that I understand and I know that you understand. Just stop that game, would you?! You know exactly what I meant and I know exactly what you

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Ian G
On 23/7/09 11:13, Eddy Nigg wrote: On 07/22/2009 06:33 PM, Ian G: 3. You'll still get massive resistance. That's because all of the mozilla security code, security developers, most of the committees, and the companies that pay for the developers, the CAs, etc etc are all invested heavily in PKI.

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread William L. Hartzell
Eddy Nigg wrote: On 07/23/2009 03:59 PM, Anders Rundgren: There is no Mozilla-list for discussing high-level aspects of PKI-using applications like TB and FF. This list is mainly for technical related matters of cryptography in relation to Mozilla software, the dev.security.policy is for

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Eddy Nigg
On 07/23/2009 03:59 PM, Anders Rundgren: There is no Mozilla-list for discussing high-level aspects of PKI-using applications like TB and FF. This list is mainly for technical related matters of cryptography in relation to Mozilla software, the dev.security.policy is for policy, CA revie

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Eddy Nigg
On 07/23/2009 03:34 PM, Martin Paljak: Right. I'm sure I could make a bunch of people warm and fuzzy by getting some "tankers" for booze money from Moscow, transfer them to some funky ex-USSR country or maybe some tropical island, make them establish "Internet Million Dollar Lottery Inc.", get

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Anders Rundgren
Udo Puetz wrote: >P.s.: I haven't seen anything on the main page of this group that it >shall only deal with NSS. Maybe Nelson or someone could write that >into the description of this group. There is no Mozilla-list for discussing high-level aspects of PKI-using applications like TB and FF. Tha

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Martin Paljak
On 23.07.2009, at 14:05, Eddy Nigg wrote: On 07/23/2009 01:23 PM, Udo Puetz: In other words: is it better to use a little more security easily or proper security hard to master? What is a little more security? Something which gives you a warm fuzzy feeling, worth exactly nothing? I don't h

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Udo Puetz
Hi again, I thought about it and I have to correct my previous post. I did talk about openssl and an openssl generated CA. Sorry, I forgot about that. Since I've expressed my opinions, they are not shared here and Nelson sort of thinks this is fruitless I'll shut up. Thanks a lot all for your help a

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Eddy Nigg
On 07/23/2009 01:23 PM, Udo Puetz: I'll combine my answer to this post and the ones below here. PGP/GPG has its "web of trust". You say in the other post "the client software would still have to find a path to a trusted CA for PGP keys - something which doesn't quite exist.". A web with few poin

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Martin Paljak
On 23.07.2009, at 13:23, Udo Puetz wrote: -Use win key store on win. Both FF and TB. If a hw token is found ask the user if he wants to utilize it. And with it import all the potential problems of an operating system too? I mean, then the application can't make an independent trust decision

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Udo Puetz
On 23 Jul., 11:56, Nelson B Bolyard wrote: Hello Nelson > As for Udo's rants, Udo has reported that two of the users he was trying > to help have subsequently resolved their own problems without his help. > Maybe Udo is just unhappy that he had more problems with this stuff than > the users he w

Re: CRMF encoding issues with window.crypto.generatedCRMFRequest()

2009-07-23 Thread Nelson Bolyard
On 2009-07-22 06:09 PDT, nk wrote: >> Is there any way I can reproduce what you're seeing? >> It would probably require me to be able to access your CA server, >> and perhaps also to trust your root cert for the test. > > There is no CA server involved at this point. All I am doing is > supplying

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Udo Puetz
On 23 Jul., 11:09, Eddy Nigg wrote: Hi Eddy and list, > > Hmm, here are my ideas: > > -integrate enigmail into TB. > > That's PGP, not x.509 certificates. We have a problem with trust > regarding PGP. Enigmail is an excellent extension for any user who wants > to rely on PGP keys. I'll combine

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Anders Rundgren
Nelson B Bolyard wrote: >Now, finally, I'll put on my forum moderator hat and remind participants >that this is a developer forum, for developers of NSS and developers of >software that uses NSS. I respect that. However, is there no place where higher levels of PKI usage in Mozilla products is d

Re: NSS, AIA, Bridge

2009-07-23 Thread Nelson B Bolyard
On 2009-07-22 05:59 PDT, Varga Viktor wrote: >> FF 3.5.0 and FF 3.5.1 do not support fetching of certs from AIA extension >> URIs, nor fetching of CRLs from CDP extension URIs. The code to fetch >> certs from AIA URIs is present, but Firefox has not yet put it into use. > > What was the cause to

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Nelson B Bolyard
On 2009-07-20 03:04 PDT, Ian G wrote: > On 20/7/09 09:18, Udo Puetz wrote: > >> From a usability point of view I would consider the WHOLE >> thing to be a nightmare. I intended to write up a howto, gave that up >> now for the time being. >> And by the way: ASN1, PKCS#7, PKCS#12. Who was the (pard

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Eddy Nigg
On 07/23/2009 11:55 AM, Udo Puetz: I hear a certain amount of bitterness through your remarks. Also, it's quite interesting that none of the others here chime in with "that's not so!" - silent consent? I just did! Sorry, have been busy otherwise, but marked the last posts for later to resp

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Eddy Nigg
On 07/22/2009 06:33 PM, Ian G: 3. You'll still get massive resistance. That's because all of the mozilla security code, security developers, most of the committees, and the companies that pay for the developers, the CAs, etc etc are all invested heavily in PKI. They've got nothing invested in

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Eddy Nigg
On 07/22/2009 06:03 PM, Udo Puetz: Hmm, here are my ideas: -integrate enigmail into TB. That's PGP, not x.509 certificates. We have a problem with trust regarding PGP. Enigmail is an excellent extension for any user who wants to rely on PGP keys. -Integrate weave into TB. Can't the sam

Re: Do big parts of security in "mozilla" suck?

2009-07-23 Thread Udo Puetz
On 22 Jul., 17:33, Ian G wrote: Hi Ian and list > Here's how I see this progressing. > > 1.  You will be told, "you have to do it," because the existing team is > too busy.  "Don't criticise, code."  Hell, you got told that above :) > > The "reason" is true, but the causality is not.  See 2. > >