Re: NSS support for RFC7512 PKCS#11 URIs

2015-05-04 Thread David Woodhouse
> On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote: >> Surely that's not unique? Using the above example, surely the first >> certificate issued by the 2010 instance of 'My CA', and the first >> certificate issued by the 2015 instance, are both going to have >> identical CKA_ISSUER and CKA_S

Re: NSS support for RFC7512 PKCS#11 URIs

2015-05-04 Thread Ryan Sleevi
On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote: > Surely that's not unique? Using the above example, surely the first > certificate issued by the 2010 instance of 'My CA', and the first > certificate issued by the 2015 instance, are both going to have > identical CKA_ISSUER and CKA_SERIAL_N

Re: NSS support for RFC7512 PKCS#11 URIs

2015-05-04 Thread David Woodhouse
On Mon, 2015-05-04 at 09:21 -0700, Robert Relyea wrote: > So in NSS, CKA_LABEL is simply a short cut to CKA_SUBJECT. That is NSS > looks up a cert from the nickname and picks all the certs that match > that cert's subject. Hm... so if I have two certificates; one with: CKA_SUBJECT: "My CA" C

Re: Problems with FF and internal certificates

2015-05-04 Thread Robert Relyea
On 05/04/2015 10:09 AM, Brian Smith wrote: On Fri, May 1, 2015 at 9:11 AM, Tanvi Vyas wrote: On Apr 27, 2015, at 2:03 PM, Michael Peterson < michaelpeterson...@gmail.com> wrote: Now, in the album I posted above (https://imgur.com/a/dmMdG), the last two screenshots show a packet capture from

Re: Problems with FF and internal certificates

2015-05-04 Thread Brian Smith
On Fri, May 1, 2015 at 9:11 AM, Tanvi Vyas wrote: > > On Apr 27, 2015, at 2:03 PM, Michael Peterson < > michaelpeterson...@gmail.com> wrote: > > Now, in the album I posted above (https://imgur.com/a/dmMdG), the last > two screenshots show a packet capture from Wireshark. It appears that > Firefox

Re: NSS support for RFC7512 PKCS#11 URIs

2015-05-04 Thread Robert Relyea
On 05/03/2015 02:17 AM, David Woodhouse wrote: On Sat, 2015-05-02 at 18:33 -0700, Jan Pechanec wrote: On Fri, 1 May 2015, David Woodhouse wrote: On Fri, 2015-05-01 at 11:35 +0100, Alan Braggins wrote: On 30/04/15 17:56, David Woodhouse wrote: Has anyone looked at implementing RFC7512 support

Re: Problems with FF and internal certificates

2015-05-04 Thread Hubert Kario
On Friday 01 May 2015 12:11:00 Tanvi Vyas wrote: > > On Apr 27, 2015, at 2:03 PM, Michael Peterson wrote: > > > > > > Firefox does not like our internal certificates. I'm trying to figure out > > why... > > > > > > > tl;dr - Our internal IIS servers, signed with our internal CA, present a > > "

Re: Problems with FF and internal certificates

2015-05-04 Thread Tanvi Vyas
Posting to mozilla-dev-tech-crypto instead. firefox-dev to bcc. > On Apr 27, 2015, at 2:03 PM, Michael Peterson > wrote: > > Firefox does not like our internal certificates. I'm trying to figure out > why... > > tl;dr - Our internal IIS servers, signed with our internal CA, present a > "S

Re: NSS support for RFC7512 PKCS#11 URIs

2015-05-04 Thread Jan Pechanec
On Fri, 1 May 2015, David Woodhouse wrote: >On Fri, 2015-05-01 at 11:35 +0100, Alan Braggins wrote: >> On 30/04/15 17:56, David Woodhouse wrote: >> > Has anyone looked at implementing RFC7512 support, allowing an object >> > to be specified by a PKCS#11 URI? >> I don't suppose you know why RFC 751