On 2010/03/17 09:44 PST, Gregory BELLIER wrote:
> Sorry, my two emails are one after the other.
>
> As I said in the previous one, I copied the SEED. Basically, I did grep
> -i seed $(find mozilla -type f -print) -l followed by a grep -irn 0096 *
> I copied all the occurrences of SEED the cipher
I suggest that you also look at the actual SEED or Camellia patch to
see all the necessary changes to mozilla/security/nss/lib/ssl. (I assume
your changes to the rest of NSS are correct because you said you can
use MYC in S/MIME.)
The only difference in mozilla/security/nss/lib/ssl I see is that
Anders Rundgren wrote:
> I think I got the overall picture but I do not understand
> how LDAP knows what key to prove possession of unless you
> have as I suggested do an initial browser-2-web server auth
> first.
You can have a userCert attribute stored in LDAP.
--
Emmanuel Dreyfus
http://hcp
Emmanuel Dreyfus wrote:
> My idea was to implement the middleware between Javascript
> popChallengeResponse and the underlying code from CMMF. When
> The underlying code will become RFC compliant, the Javascript
> API will become RFC compliant too without a change.
And it seems that getting R
I think I got the overall picture but I do not understand
how LDAP knows what key to prove possession of unless you
have as I suggested do an initial browser-2-web server auth
first.
Anders
Emmanuel Dreyfus wrote:
Anders Rundgren wrote:
I can't say I fully understand what you want to do.
Wou
Anders Rundgren wrote:
> I can't say I fully understand what you want to do.
> Would you use TLS client-cert-auth to the proxy and then let the
> application based on received cert do a popCR?
> Are we talking javascript or native code?
Here is the thing:
browser ---> unprivileged web app ---
Jean-Marc Desperrier wrote:
Wan-Teh Chang wrote:
You can use the NSS command-line tool 'ssltap' to inspect the SSL handshake
messages: http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html
It's significantly easier to do it with Wireshark.
Is it easier than the selfserv and
I can't say I fully understand what you want to do.
Would you use TLS client-cert-auth to the proxy and then let the
application based on received cert do a popCR?
Are we talking javascript or native code?
Anders
- Original Message -
From: "Emmanuel Dreyfus"
To: "mozilla's crypto code d
Wan-Teh Chang wrote:
You can use the NSS command-line tool 'ssltap' to inspect the SSL handshake
messages: http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html
It's significantly easier to do it with Wireshark.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
http
On Wed, Mar 17, 2010 at 9:44 AM, Gregory BELLIER
wrote:
>
> So I guess I miss something to add a cipher in NSS. Until now it has worked
> for S/Mime but this bug appears with the need to use TLS.
>
> What should have been done that I didn't ?
Without looking at your code, I'm afraid that we won't
Sorry, my two emails are one after the other.
As I said in the previous one, I copied the SEED. Basically, I did grep
-i seed $(find mozilla -type f -print) -l followed by a grep -irn 0096 *
I copied all the occurrences of SEED the cipher and not the ones about
*a* seed and created a new cipher
Robert,
I did what you suggested.
You were right, there is a deeper problem because selfserv doesn't
recognize my cipher if I use the option "-c :0200". I'm told an unknown
cipher has been requested.
But if I use 0084 (which is camellia) it works fine. I used grep to find
every occurrence of
Wan-Teh Chang wrote:
Please use the official page instead:
https://wiki.mozilla.org/Community:SummerOfCode10
But only when a mentor can be immediately identified !
I have another idea, but I don't believe any sponsor/mentor can be found.
The S/MIME code in Thunderbird was written before an S/
On Tue, Mar 16, 2010 at 10:25 AM, Wan-Teh Chang wrote:
>
> I just added an "NSS (Network Security Services" section to
> https://wiki.mozilla.org/Community:SummerOfCode10:Brainstorming
Please use the official page instead:
https://wiki.mozilla.org/Community:SummerOfCode10
Wan-Teh
Anders Rundgren wrote:
> That's correct. But even if you send a stolen static cert req, you don't
> get very far with that since if you haven't the private key you can't
> use the returned cert anyway which I guess is why this function hasn't been
> much requested.
>
> I'm not sure what you ha
Emmanuel Dreyfus wrote:
On Wed, Mar 17, 2010 at 11:24:37AM +0100, Anders Rundgren wrote:
I don't see much value supporting a function that still misses
the core question: is the key actually in the card?
I do not understand your concern. As far as I understand, the purpose
of popChallengeResp
On 17.03.2010 02:40, Wan-Teh Chang wrote:
Is your proposal or Aza Raskin's proposal similar to the proposal that
Henry Story of the "foaf" project has been advocating?
No, under the assumption you're referring to http://esw.w3.org/Foaf%2Bssl
Contrary to "foaf+ssl" I'm not proposing any new
On Wed, Mar 17, 2010 at 11:24:37AM +0100, Anders Rundgren wrote:
> I don't see much value supporting a function that still misses
> the core question: is the key actually in the card?
I do not understand your concern. As far as I understand, the purpose
of popChallengeResponse is to prove you hav
On Wed, Mar 17, 2010 at 10:20:39AM +0100, Jean-Marc Desperrier wrote:
> I'm not sure. As the page says : "The current implementation does not
> conform to that defined in the CMMF draft, and we intend to change this
> implementation to that defined in the CMC RFC."
>
> Implementing it to do som
I don't see much value supporting a function that still misses
the core question: is the key actually in the card?
Anders
Jean-Marc Desperrier wrote:
Emmanuel Dreyfus wrote:
So as I understand, it is not implemented yet. This is quite
disappointing, since the documentation does suggest it is
Emmanuel Dreyfus wrote:
So as I understand, it is not implemented yet. This is quite
disappointing, since the documentation does suggest it is fully
supported. This should be updated.
Just get a login on MDC :-)
Now that I wrote the code in C for producing a base64 encoded
popChallengeRespo
Dear friends,
FEITIAN and Dooze crypto shop are happy to donate 3 FEITIAN PKI smart
cards to Mozilla free software developers. We hope to ease the
adoption of smart cards and help maintenance. Description of card:
http://www.gooze.eu/feitian-pki-card
The FEITIAN PKI smart card is fully compatibl