Re: Regain trust into SSL/TLS

2014-03-11 Thread Julien Pierre
On 3/11/2014 03:10, Alan Braggins wrote: On 09/03/14 22:59, Raphael Wegmann wrote: What about creating a distributed hash-table, where we could count collectively, which public-key has been used by a particular server how often? When I visit amazon.com and my browser tells me, that I am the onl

Re: OCSP stapling problems

2014-03-11 Thread Hanno Böck
On Tue, 11 Mar 2014 11:01:26 -0700 Brian Smith wrote: > First, it is important to point out to others reading this that this > problem only affects certificates that don't chain to a trusted root > CA and/or which are considered invalid by Firefox for some other > reason. AFAICT, there is no prob

Re: OCSP stapling problems

2014-03-11 Thread Brian Smith
On Tue, Mar 11, 2014 at 3:20 AM, Hanno Böck wrote: > I wanted to bring up an issue regarding OCSP stapling. > I filed this bug shortly after Firefox 27 came out: > https://bugzilla.mozilla.org/show_bug.cgi?id=972304 > > Short conclusion: If you have enabled OCSP stapling on your server this > wi

Re: initializing the standalone nss soft token (libsoftokn3.so)

2014-03-11 Thread Robert Relyea
On 03/10/2014 08:50 PM, Dave wrote: > I'm having trouble initializing the nss soft token when linking against it > directly. The function _NSSUTIL_EvaluateConfigDir (utilpars.c) is > segfaulting when passing the following initialization arguments to > C_Initialize: > > CK_CHAR * configStr

OCSP stapling problems

2014-03-11 Thread Hanno Böck
Hello, I wanted to bring up an issue regarding OCSP stapling. I filed this bug shortly after Firefox 27 came out: https://bugzilla.mozilla.org/show_bug.cgi?id=972304 Short conclusion: If you have enabled OCSP stapling on your server this will break the possibility to add certificate exceptions w

Re: Regain trust into SSL/TLS

2014-03-11 Thread Alan Braggins
On 09/03/14 22:59, Raphael Wegmann wrote: What about creating a distributed hash-table, where we could count collectively, which public-key has been used by a particular server how often? When I visit amazon.com and my browser tells me, that I am the only one who got that public-key I'm having, I

additional SSL/TLS connection info (Re: Regain trust into SSL/TLS)

2014-03-11 Thread Frederik Braun
On 09.03.2014 23:59, Raphael Wegmann wrote: > Yes, it is possible to check the certificate (or the fingerprint), > but who does that? Apropos, why is the SHA1 and MD5 fingerprint > hidden behind 3 clicks? Can't we add some visual fingerprint in > the window that pops up, when I click the lock symbo