Does anyone know why HTML5 specifies must use the
md5WithRSAEncryption signature algorithm? Was the use of MD5
discussed when was standardized in HTML5?
Eddy, does your CA accept a SignedPublicKeyAndChallenge (SPKAC)
structure signed using sha1WithRSAEncryption?
Wan-Teh
--
dev-tech-crypto mai
Kaspar Brand wrote:
> On 31.03.2010 19:00, Michael Ströder wrote:
>> Strange because my e-mail cert does not have subjectKeyIdentifier at all.
>>
>> Hmm, in theory a S/MIME MUA could calculate it on-the-fly even if the cert
>> does not have one and build a lookup table. Maybe it's worth to look wha
Especially the certlock Firefox extension they propose
Certificate Patrol seems to do the same.
--
Please avoid sending mails, use the group instead.
If you really need to send me an e-mail, mention "FROM NG"
in the subject line, otherwise my spam filter will delete your mail.
Sorry for the inc
On 31.03.2010 19:00, Michael Ströder wrote:
> Strange because my e-mail cert does not have subjectKeyIdentifier at all.
>
> Hmm, in theory a S/MIME MUA could calculate it on-the-fly even if the cert
> does not have one and build a lookup table. Maybe it's worth to look what RFC
> 5750 says about i
Kaspar Brand wrote:
> On 31.03.2010 07:49, Michael Ströder wrote:
>> It seems it's a CMS structure and recipientInfos contains subject key ids
>> instead of issuerAndSerialNumber. It seems Seamonkey 2.0.x does not support
>> that. Is it supported by the underlying libs?
>
> I believe so, see
>
>
On 03/31/2010 04:45 PM, Kai Engert:
== snip quote begin ==
E.g., the attacker would send:
GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1
X-Ignore-This:
And the server uses the victim's account to send a pizza to the attacker.
=== snip quote end ===
This attack
Since "keygen" & Co do not support smart cards in a reasonable way
except for the creation of "administrator cards", I have played
with something that is more in line with how *real* card management
systems work while still using a browser. The following is an
approximation of how this scheme.
A
On 31.03.2010 07:49, Michael Ströder wrote:
> It seems it's a CMS structure and recipientInfos contains subject key ids
> instead of issuerAndSerialNumber. It seems Seamonkey 2.0.x does not support
> that. Is it supported by the underlying libs?
I believe so, see
http://bonsai.mozilla.org/cvsblam
On 3/31/2010 5:26 AM, Eddy Nigg wrote:
[ Please follow up to mozilla.dev.tech.crypto ]
After some discussion at bug 554594 I'm following up here - the bug was
unfortunately misused by me a little for the initial discussion.
Closely related to bug 554594 is
https://bugzilla.mozilla.org/show_bug
On 31.03.2010 14:26, Eddy Nigg wrote:
[ Please follow up to mozilla.dev.tech.crypto ]
After some discussion at bug 554594 I'm following up here - the bug was
unfortunately misused by me a little for the initial discussion.
At https://wiki.mozilla.org/Security:Renegotiation under item 4.4 the
[ Please follow up to mozilla.dev.tech.crypto ]
After some discussion at bug 554594 I'm following up here - the bug was
unfortunately misused by me a little for the initial discussion.
At https://wiki.mozilla.org/Security:Renegotiation under item 4.4 the
following is proposed:
sec
Anders,
On Mar 30, 10:57 pm, Anders Rundgren
wrote:
>
> Good to hear, thanx.
>
> Doesn't that also mean that anybody can enumerate your CSPs without your
> knowledge?
no, IE still says "The site is attempting to perform a certificate
operation, allow (yes/no)" when enumerating the CSPs. The onl
12 matches
Mail list logo
