Kai
To perform a successful MITM attack on a connection between a victim client
and a victim server, the attacker must have two things:
1) one or more certificates that bear a public key whose corresponding
private key is known to the attacker, and which certificates will be
accepted by the victi
On 5/18/10 1:53 PM, Wan-Teh Chang wrote:
On Tue, May 18, 2010 at 11:16 AM, Kathleen Wilson
wrote:
So, is it the case that PSM is not actually checking for 512-bit certs?
Yes, I confirm that's the case. Nelson and I didn't find the
code or the bug report for checking for 512-bit certs.
I j
On 05/19/2010 02:51 PM, Bud P. Bruegger wrote:
> Hello, I would like to ask your advice on how to best deal with a
> problem related to deleting certificates/keys.
>
> I'm currently experimenting with creating short-lived certificates for
> TLS-client-authentication using the element. While it s
Hello, I would like to ask your advice on how to best deal with a
problem related to deleting certificates/keys.
I'm currently experimenting with creating short-lived certificates for
TLS-client-authentication using the element. While it seems
easy to create the keys/certs, I have more problems
On 2010-05-19 03:40 PDT, Šandor Feldi wrote:
> Jean-Marc Desperrier wrote:
>> The web site is also something you develop ?
>
> Thanks for answering. No I do not develop the site and don't have any way
> to access or configure apache, and it happens on different sites too... I
> forgot to point out
Today I read some technical documents at http://www.torproject.org which
is a project that tries to enhance anonymity of Internet users, or allow
Internet users to circumvent censorship.
With Tor, your outgoing connections will be routed (using encryption) to
a chain of random Tor servers, unt
On 5/19/2010 10:32 AM, Eddy Nigg wrote:
> On 05/19/2010 05:37 PM, From Jean-Marc Desperrier:
>>
>> Or investing some serious time evangelising the SSL site owners into
>> using a real certificate.
>>
>> But the statu quo doesn't work.
>
> Amen! And you know what - today there is NO reason whatsoev
hi,
I'm trying to build nss but i have some problems with nspr build. When
creating libnspr4.lib library, it raises "symbol not found" for a lot
of __PR_ declarations.
Does anyone have encountered that problem ?
Toki
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://list
On 05/19/2010 05:37 PM, From Jean-Marc Desperrier:
Or investing some serious time evangelising the SSL site owners into
using a real certificate.
But the statu quo doesn't work.
Amen! And you know what - today there is NO reason whatsoever not to get
real certs, they are available from fre
On 05/19/2010 01:30 PM, From Jean-Marc Desperrier:
Eddy Nigg wrote:
Isn't this actually a sign that the technology works? I mean, 100% false
positives means literally 100% success.
Shit no !
The higher the false positive rate, the more acute the failure.
Well, just for the record, lets get
Marsh Ray wrote:
What do you propose other than not letting the user bypass
the cert error page at all?
Investing some serious time enhancing those errors.
Or investing some serious time evangelising the SSL site owners into
using a real certificate.
But the statu quo doesn't work.
Anothe
Jean-Marc Desperrier wrote:
> The web site is also something you develop ?
Thanks for answering. No I do not develop the site and don't have any way to
access or configure apache, and it happens
on different sites too... I forgot to point out, that when importing a
certificate into Firefox's NSS
Eddy Nigg wrote:
Isn't this actually a sign that the technology works? I mean, 100% false
positives means literally 100% success.
Shit no !
The higher the false positive rate, the more acute the failure.
People will trust and respect the warning *only* if there's a very low
rate of false pos
Šandor Feldi wrote:
I do get multiple certificate selection dialogs in sequence at SSL
session start...so I have to reselect the same cert, say twice...
I enter the https of the target site, I get asked about the cert - I
select it, then the site displays my info and offers me an>enter
site< bu
Hello everybody,
I am developing a PKCS11 module, and when testing it in Firefox (3.6.3 for
eg.), despite selecting "remember selected certificate"
I do get multiple certificate selection dialogs in sequence at SSL session
start...so I have to reselect the same cert, say twice...
I enter the
15 matches
Mail list logo
