Re: Alerts on TLS Renegotiation

On Fri, 2010-04-09 at 09:34 -0700, johnjbarton wrote: > On 4/8/2010 12:13 PM, Matt McCutchen wrote: > > On Thu, 2010-04-08 at 09:35 -0700, johnjbarton wrote: > >> On 4/7/2010 9:35 PM, Nelson B Bolyard wrote: > >> ... > >>> Inconveniencing the users is a NECESSARY part of getting this > >>> vulnera

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

Kaspar is correct; the server is returning the wrong intermediate cert. You can see this by using VeriSign's Chain Checker at https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130 I'll have our support team contact the customer. Thanks for pointing this ou

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

Kaspar Brand schrieb am 09.04.2010 18:28: On 09.04.2010 15:35, Ulrich Boche wrote: According to Firefox, the complete chertificate chain is: service.lbb.de VeriSign Class 3 Secure Server CA - G2 Builtin Object Token: Verisign Class 3 Public Primary Certification Authority - G2 The certificat

Fixing it Re: import key pairs but un-exportable private key

Nelson B Bolyard wrote: since a CA has no options for key protection during issuance using Firefox which it has using MSIE. Yes, I quite agree with you on this point, Anders. The problem is that the CA cannot express to Firefox that it wants Firefox to require that the generated key be unext

Re: Alerts on TLS Renegotiation

On 4/8/2010 12:13 PM, Matt McCutchen wrote: On Thu, 2010-04-08 at 09:35 -0700, johnjbarton wrote: On 4/7/2010 9:35 PM, Nelson B Bolyard wrote: ... Inconveniencing the users is a NECESSARY part of getting this vulnerability fixed. Without that, the servers have NO INCENTIVE to lift a finger to

Re: import key pairs but un-exportable private key

On 2010-04-08 22:17 PST, Anders Rundgren wrote: > Mountie Lee wrote: >> I mean CKA_EXTRACTABLE. >> as a Sub-CA, when they issue client certificate, they want to make sure >> the private key will [not] be exported outside of browser keystore. the >> only one exception is when the private key is in h

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

On 09.04.2010 15:35, Ulrich Boche wrote: > According to Firefox, the complete chertificate chain is: > > service.lbb.de > > VeriSign Class 3 Secure Server CA - G2 > > Builtin Object Token: Verisign Class 3 Public Primary Certification > Authority - G2 > > The certificate I listed is only the i

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

Eddy Nigg schrieb am 09.04.2010 15:14: On 04/09/2010 04:05 PM, Ulrich Boche: I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the the CA root certificates that are supplied with Firefox 3.6.3 are different from those

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

On 04/09/2010 04:05 PM, Ulrich Boche: I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the the CA root certificates that are supplied with Firefox 3.6.3 are different from those that come with Thunderbird 3.0.4. The

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

On 04/09/2010 04:05 PM, Ulrich Boche: I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the the CA root certificates that are supplied with Firefox 3.6.3 are different from those that come with Thunderbird 3.0.4. The

Difference between Firefox and Thunderbird in Supplied Root Certificates

I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the the CA root certificates that are supplied with Firefox 3.6.3 are different from those that come with Thunderbird 3.0.4. The following CA certificate: CN = VeriS