Re: signature verification. VFY_CreateContextWithAlgorithmID help

2010-09-07 Thread tedx
On Sep 7, 1:34 pm, Nelson B Bolyard wrote: > On 2010-09-06 08:17 PDT, Xavier Toth wrote: > > > I'm trying to verify the signature of a file I've signed but I don't > > understand where to get the sigAlgorithm and hash to pass to > > VFY_CreateContextWithAlgorithmID. > > I presume you've read the d

Re: [seek-for-android] Re: Port Mozilla NSS/JSS to smart phone platform

2010-09-07 Thread Anders Rundgren
May I comment a bit on this? msm Li wrote: Currently, the smartphone platform is lack of unified software/hardware security module. For example, iPhone stores certificates in the Keychain, BlackBerry stores certificates in BlackBerry device key store, Android has no such secure storage. True.

Re: Using a 'secret' SSL client certificate from Mozilla

2010-09-07 Thread Michael Smith
On Sep 7, 6:55 am, Konstantin Andreev wrote: > On 08/28/10 02:36, Michael Smith wrote: > > > Rather than the normal case of a client certificate belonging to the user, > > and just added to the certificate store, we want to have a certificate that > > nominally belongs to the application, and is

Re: Using a 'secret' SSL client certificate from Mozilla

2010-09-07 Thread Michael Smith
On Sep 3, 11:53 am, Nelson B Bolyard wrote: > On 2010-08-30 11:04 PDT, Michael Smith wrote: > > > On Aug 28, 10:08 am, Nelson Bolyard > > wrote: > >> What is the real underlying objective of this? > >> Is it to authenticate the individual user of the product to the servers? > >> Is it to ensure t

Re: signature verification. VFY_CreateContextWithAlgorithmID help

2010-09-07 Thread Nelson B Bolyard
On 2010-09-06 08:17 PDT, Xavier Toth wrote: > I'm trying to verify the signature of a file I've signed but I don't > understand where to get the sigAlgorithm and hash to pass to > VFY_CreateContextWithAlgorithmID. I presume you've read the description of these parameters in http://mxr.mozilla.or

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

2010-09-07 Thread Nelson B Bolyard
On 2010-09-07 06:20 PDT, Konstantin Andreev wrote: > On 08/31/10 05:01, Nelson B Bolyard wrote: >> On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: >>> I propose that we remove SSL 2.0 support from the NSS trunk (NSS >>> 3.13). >> [... skip ...] >> >> It's something I wanted to do for YEARS, but for

Re[6]: Using a 'secret' SSL client certificate from Mozilla

2010-09-07 Thread Konstantin Andreev
On 08/28/10 02:36, Michael Smith wrote: Rather than the normal case of a client certificate belonging to the user, and just added to the certificate store, we want to have a certificate that nominally belongs to the application, and is secret from the user (strange, but that's what I'm stuck w

Re[8]: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

2010-09-07 Thread Konstantin Andreev
On 08/31/10 05:01, Nelson B Bolyard wrote: On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). [... skip ...] It's something I wanted to do for YEARS, but for as long as I was employed to work on NSS, I was told that continued