Re: import key pairs but un-exportable private key

2010-04-08 Thread Lee Mountie
Hi, sorry. I made a mistake. exportable -> unexportable Mountie On 2010. 4. 9. 14:17, Anders Rundgren wrote: Mountie Lee wrote: I mean CKA_EXTRACTABLE. as a Sub-CA, when they issue client certificate, they want to make sure the private key will be exported outside of browser keystore. the only one e

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
Mountie Lee wrote: I mean CKA_EXTRACTABLE. as a Sub-CA, when they issue client certificate, they want to make sure the private key will be exported outside of browser keystore. the only one exception is when the private key is in hardware token, it can be moved to other browser. I didn't get

Re: import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Hi. I comment below lines. On Fri, Apr 9, 2010 at 4:12 AM, Nelson B Bolyard wrote: > On 2010/04/08 10:53 PDT, Wan-Teh Chang wrote: > > On Thu, Apr 8, 2010 at 10:08 AM, Nelson B Bolyard > wrote: > >> > >> A PKCS#11 CSP can indeed choose to make private keys exportable or not. > >> A FIPS mode C

Re: import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Hi. On Fri, Apr 9, 2010 at 2:08 AM, Nelson B Bolyard wrote: > > Mountie Lee wrote: > >> Thanks Eddy. > >> > >> in IE > >> the service provider can choose the private key can be exportable or > not. > >> > >> the manual configuration is not so attractive for service provider. > > On 2010-04-08 04

Re: Alerts on TLS Renegotiation

2010-04-08 Thread Kai Engert
On 09.04.2010 00:41, Matt McCutchen wrote: On Thu, 2010-04-08 at 09:59 -0700, Robert Relyea wrote: The yellow larry is a good proposal, and probably implementable much sooner than noisy warnings. I'm glad you like it. I guess the next thing needed is for someone to actually implement it, perh

Re: Alerts on TLS Renegotiation

2010-04-08 Thread Matt McCutchen
On Thu, 2010-04-08 at 09:59 -0700, Robert Relyea wrote: > The yellow larry is a good proposal, and probably implementable much > sooner than noisy warnings. I'm glad you like it. I guess the next thing needed is for someone to actually implement it, perhaps me if I can figure out how. -- Matt

Re: Alerts on TLS Renegotiation

2010-04-08 Thread Nelson B
On 2010/04/08 09:35 PDT, johnjbarton wrote: > On 4/7/2010 9:35 PM, Nelson B Bolyard wrote: ... >> Inconveniencing the users is a NECESSARY part of getting this >> vulnerability fixed. Without that, the servers have NO INCENTIVE to >> lift a finger to fix this. > ... > > The claim is obviously fal

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
- Original Message - From: "Nelson B Bolyard" >I think he's referring to the fact that the PKCS#11 module must be manually >configured to be in FIPS mode or not in FIPS mode. I'm not aware of any automatic protection settings for manual key import in Windows, unless you can do it with

Re: Alerts on TLS Renegotiation

2010-04-08 Thread Matt McCutchen
On Thu, 2010-04-08 at 09:35 -0700, johnjbarton wrote: > On 4/7/2010 9:35 PM, Nelson B Bolyard wrote: > ... > > Inconveniencing the users is a NECESSARY part of getting this vulnerability > > fixed. Without that, the servers have NO INCENTIVE to lift a finger to fix > > this. > ... > > The claim i

Re: import key pairs but un-exportable private key

2010-04-08 Thread Nelson B Bolyard
On 2010/04/08 11:11 PDT, Anders Rundgren wrote: > Nelson B Bolyard wrote: > > > >>> Hi Mountie, >>> A service provider cannot specify *anything* regarding key protection >>> using Firefox. >> >> Anders, I think Mountie was referring to "Crypto Service Provider" (CSP), >> which is Microsoft's nam

Re: import key pairs but un-exportable private key

2010-04-08 Thread Nelson B Bolyard
On 2010/04/08 10:53 PDT, Wan-Teh Chang wrote: > On Thu, Apr 8, 2010 at 10:08 AM, Nelson B Bolyard wrote: >> >> A PKCS#11 CSP can indeed choose to make private keys exportable or not. >> A FIPS mode CSP will generally make private keys unexportable. >> NSS's NON-FIPS PKCS#11 CSP can also make non-e

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
Nelson B Bolyard wrote: Hi Mountie, A service provider cannot specify *anything* regarding key protection using Firefox. Anders, I think Mountie was referring to "Crypto Service Provider" (CSP), which is Microsoft's name for software modules that follow Microsoft's alternative that is approx

Re: import key pairs but un-exportable private key

2010-04-08 Thread Wan-Teh Chang
On Thu, Apr 8, 2010 at 10:08 AM, Nelson B Bolyard wrote: > > A PKCS#11 CSP can indeed choose to make private keys exportable or not. > A FIPS mode CSP will generally make private keys unexportable. > NSS's NON-FIPS PKCS#11 CSP can also make non-exportable keys, IIRC, > but Firefox offers no option

Re: import key pairs but un-exportable private key

2010-04-08 Thread Nelson B Bolyard
> Mountie Lee wrote: >> Thanks Eddy. >> >> in IE >> the service provider can choose the private key can be exportable or not. >> >> the manual configuration is not so attractive for service provider. On 2010-04-08 04:14 PST, Anders Rundgren wrote: > Hi Mountie, > A service provider cannot specify

Re: Alerts on TLS Renegotiation

2010-04-08 Thread Robert Relyea
On 04/07/2010 09:35 PM, Nelson B Bolyard wrote: > We plan on alerting users in a future update. This is fair warning to server operators and those who are debugging their sites. >>> If this is a real threat don't users deserve a fair warning now? >>> >> I fully agree

Re: Alerts on TLS Renegotiation

2010-04-08 Thread johnjbarton
On 4/7/2010 9:35 PM, Nelson B Bolyard wrote: ... Inconveniencing the users is a NECESSARY part of getting this vulnerability fixed. Without that, the servers have NO INCENTIVE to lift a finger to fix this. ... The claim is obviously false as the recent update to Firefox 3.6.3 clearly demonstr

[HITB-Announce] FINAL CALL - CFP for HITBSecConf2010 Amsterdam

2010-04-08 Thread Hafez Kamal
This is the FINAL CALL to submit your talk / presentation proposals for the inaugural HITB Security Conference in Europe! Submissions are due by 19TH APRIL 2010. HITBSecConf2010 - Amsterdam takes place at the Grand Krasnapolsky from the 29th of June till the 2nd of July (Tuesday - Friday) with ke

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
Hi Mountie, A service provider cannot specify *anything* regarding key protection using Firefox. Anders Mountie Lee wrote: Thanks Eddy. in IE the service provider can choose the private key can be exportable or not. the manual configuration is not so attractive for service provider. is it po

Re: import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Thanks Eddy. in IE the service provider can choose the private key can be exportable or not. the manual configuration is not so attractive for service provider. is it possible to enable FIPS mode by providing checkbox or some other ways by server? On Thu, Apr 8, 2010 at 7:49 PM, Eddy Nigg wro

Re: import key pairs but un-exportable private key

2010-04-08 Thread Eddy Nigg
On 04/08/2010 01:41 PM, Mountie Lee: Hi. I'm Mountie. Hi Mountie... in Firefox is it possible to make private key in keystore as un-exportable that the key was imported from outside. Did you try to activate FIPS mode? See Preferences -> Advanced -> Security Devices -> Enable FIPS. --

import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Hi. I'm Mountie. I have a question. in MSIE(Microsoft Internet Explorer) user is able to choose the private key is exportable or not from keystore when generating private key or import key pairs. in Firefox is it possible to make private key in keystore as un-exportable that the key was imported