Re: Using a 'secret' SSL client certificate from Mozilla

On Aug 27, 4:30 pm, John Dennis wrote: > On 08/27/2010 06:36 PM, Michael Smith wrote: > > > > > Hi all, > > > In our (mozilla/xulrunner-based) application, we're trying to set up a > > secure connection to a server that requires a client certificate. > > > Rather than the normal case of a client c

Re: Using a 'secret' SSL client certificate from Mozilla

On 08/27/2010 06:36 PM, Michael Smith wrote: Hi all, In our (mozilla/xulrunner-based) application, we're trying to set up a secure connection to a server that requires a client certificate. Rather than the normal case of a client certificate belonging to the user, and just added to the certific

Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). SSL 2.0 is an old and insecure protocol. No products should be using SSL 2.0 today. But removing the SSL 2.0 code from NSS has one major benefit to the continual development of NSS's SSL library: it'll make the code base eas

Using a 'secret' SSL client certificate from Mozilla

Hi all, In our (mozilla/xulrunner-based) application, we're trying to set up a secure connection to a server that requires a client certificate. Rather than the normal case of a client certificate belonging to the user, and just added to the certificate store, we want to have a certificate that n

Re: How important is FIPS-140 compliance and PKCS#11 interoperability to Firefox, Chrome, etc.?

On Fri, Aug 27, 2010 at 2:05 PM, Brian Smith wrote: > In accepting patches to implement TLS 1.2 and/or AES-GCM cipher suites, is a > (potentially-)FIPS-140-compliant implementation required? Or, would it be > acceptable in the short-term to have an implementation that is known to be > non-complian

How important is FIPS-140 compliance and PKCS#11 interoperability to Firefox, Chrome, etc.?

In accepting patches to implement TLS 1.2 and/or AES-GCM cipher suites, is a (potentially-)FIPS-140-compliant implementation required? Or, would it be acceptable in the short-term to have an implementation that is known to be non-compliant and thus disabled in FIPS mode? The main issue regardin

RE: Re[5]: PKCS#11 header files: license and updating to the newest version

Konstantin Andreev wrote: > On 08/03/10 19:13, Brian Smith wrote: > > I think I found a problem with the GCM interface that seems > > to make it impossible to use the PKCS#11 interface in a FIPS-140-compliant > > manner. In particular, NIST SP800-38D requires that the IV for the GCM mode be > > gen

Re: Port Mozilla NSS/JSS to smart phone platform

Hi, I haven't hear any direct quotes but the coolkey folks may be interested as well. I agree, but not sure a new project is warranted. A subbranch of the nss codebase perhaps? No need to fragment the community just because a new architecture comes into play.

Re: how to send encrypted mail to email list address ?

On 2010/08/26 01:02 PDT, fishjohn wrote: > > Hi. > > Hope this forum is ok for such question. Yes. > We have simple "lists" implemented through /etc/aliases . basically > I want to send encrypted mail to l...@example.com ( which is alias > for person1, person2, ...) A common desire. > Is ther