Re: Listing CSRs?

2007-12-11 Thread Alexander Klink
Hi Nelson, On Mon, Dec 10, 2007 at 12:39:08PM -0800, Nelson Bolyard wrote: > Alexander Klink wrote, On 2007-12-10 05:09: > > is there an easy way to list the CSRs that have been created using > > SPKAC using Firefox? > No, sent CSRs are not recorded anywhere. Well, but the pr

Listing CSRs?

2007-12-10 Thread Alexander Klink
Hi all, is there an easy way to list the CSRs that have been created using SPKAC using Firefox? I believe it would be pretty useful to have a list of them on the GUI as well, but a command line way would be fine for now, too ... Best regards, Alex -- Dipl.-Math. Alexander Klink | IT

Re: Proposed NSS wildcard cert acceptance change - any angst?

2007-12-05 Thread Alexander Klink
s typically possible to configure the client (Mozilla in that case) on the user's desktop - and for the typical home user, I agree that the new way is definitely a better default. Best regards, Alex -- Dipl.-Math. Alexander Klink | IT-Security Engineer |[EMAIL PROTECTED] mobile:

Re: Generate Certification Request in PKCS#10 format from Browsers based on Mozilla

2007-09-11 Thread Alexander Klink
n use the -Tag to create SPKAC, though, which can be signed using OpenSSL, too. We are using it successfully in the OpenXPKI project. Best regards, Alex -- Dipl.-Math. Alexander Klink | IT-Security Engineer |[EMAIL PROTECTED] mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.

Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates

2007-09-07 Thread Alexander Klink
w > >any dialog at all. > Right! In 1.5 no "Installation Message" appears, which in 2.0 has been > corrected. I suggest to file a bug with the request to change the > default settings for handling certificate authentication. Please send > the bug number, so we can vote f

Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates

2007-09-07 Thread Alexander Klink
And what happens to the users > who do not have have client-certs issued by this CA when they > attempt to connect to the site? Nothing, you can keep it configured as optional on the webserver. Best regards, Alex -- Dipl.-Math. Alexander Klink | IT-Security Engineer |[EMAIL PROTECTED

Re: Firefox 2.0.x: tracking unsuspecting users using TLS client certificates

2007-09-07 Thread Alexander Klink
was a change? I don't remember this to be the case of > pre-2.0 Firefox either. I've actually tested that again and it also works in Firefox 1.5 - and even "better" there, because the certificate installation does not show any dialog at all. This reduces the visibility to a

Firefox 2.0.x: tracking unsuspecting users using TLS client certificates

2007-09-07 Thread Alexander Klink
rd for the private key. I could not test this any further though, because my Konqueror installation did not create the request. Apparently, it sends 'deadbeef' though if it can now create correct SPKAC data ... :-) Allows for 512 bit keys, too. Proof of Concept: - http://0x90.eu/ff_