MECAI proposal - Version 2

2012-02-23 Thread Kai Engert
Please find a more detailed description of my proposal MECAI - Mutually Endorsing CA Infrastructure at https://kuix.de/mecai/mecai-proposal-v2.pdf (PDF, 12 pages) I'm looking forward to your feedback, please let me know if parts are difficult to understand or need clarification. Best Regards

Re: Combining OCSP stapling with advance MITM preparation

2012-02-23 Thread Robert Relyea
On 02/23/2012 11:52 AM, Kai Engert wrote: As soon as the certificate has been revoked, the domain owner is able to obtain an OCSP response for the rogue certificate. The domain owner could configure their server to include this OCSP response in all TLS handshakes, even though this OCSP respo

Re: Combining OCSP stapling with advance MITM preparation

2012-02-23 Thread Kai Engert
On 23.02.2012 20:53, Kai Engert wrote: I've just sent the following message to Mozilla's dev-tech-crypto mailing list, and I thought you might be interested, too. I apologize for the double post, the second post was intended for a different mailing list... -- dev-tech-crypto mailing list de

Combining OCSP stapling with advance MITM preparation

2012-02-23 Thread Kai Engert
I've just sent the following message to Mozilla's dev-tech-crypto mailing list, and I thought you might be interested, too. While working on an updated paper of the MECAI proposal (which I hope to post in the next couple of days), the following orthogonal idea came to me. I don't know whether

Combining OCSP stapling with advance MITM preparation

2012-02-23 Thread Kai Engert
While working on an updated paper of the MECAI proposal (which I hope to post in the next couple of days), the following orthogonal idea came to me. I don't know whether it is a new idea, or whether it has been discussed/mentioned before. Let's say the owner of a domain learns that a rogue cer

Re: [Patch] Nss-3.13.1 memory leak fix

2012-02-23 Thread P J P
- Original Message - > From: P J P > Please have a look at the patch and the valgrind(1) report attached herein.   I guess the attachments were dropped. Patch -> http://pjp.dgplug.org/tools/nss-3.13.1-memleakfix.patch Valgrind(1) report === HEAP SUMMARY:     in use at exit: 2,731,101 b

[Patch] Nss-3.13.1 memory leak fix

2012-02-23 Thread P J P
  Hi, While searching for memory leaks in one of my program, I found few in the NSS-3.13.1 library in the following files === mozilla/security/nss/lib/nss/nssinit.c:687 mozilla/security/nss/lib/nss/nssinit.c:719 mozilla/security/nss/lib/base/error.c:281 mozilla/security/nss/lib/ckfw/instance.c:2