This discussion started in the CA/Browser Forum public list; I'm moving it here
at Gerv's suggestion.
Mozilla recently posted its SHA-1 policy here:
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/.
This blog is helpful, but not comple
On Monday, June 9, 2014 4:27:56 PM UTC-7, Rick Andrews wrote:
> AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store
> using NIST curves. Are any other ECC curves supported by Mozilla, in case one
> wanted to use a different curve? Is the list of supported
AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store
using NIST curves. Are any other ECC curves supported by Mozilla, in case one
wanted to use a different curve? Is the list of supported algorithms and key
sizes published somewhere?
--
dev-tech-crypto mailing list
dev-te
AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store
using NIST curves. If a CA wanted to add a root using a different curve, we
would need to know what other curves were supported by Mozilla. Is this info
published anywhere?
I need to remove some 1024-bit roots from Firefox’s trust store, but I realize
that these trusted roots are part of the NSS library, and that the NSS library
is used by lots of other software, not just Firefox. Removing these roots may
have far-reaching consequences. I understand that there isn'
I know that FF allows you to choose a CRL and it will check status against that
CRL when it finds a cert issued by the CRL issuer. Does anyone know if FF uses
the CDP in the cert or the cert's issuer name as a key to find the CRL?
The reason I ask is in regards to partitioned CRLs, where a CA co
Is there a way in Firefox to suppress the client certificate dialog
when a web server wants a client cert for user authentication? IE
allows it to be suppressed via policy flag if there are zero or only
one cert in the cert store. I don't see any options in about:config
for this.
-Rick
> How about the subject key ID? Did it change?
No, it didn't. The key and SKI stayed the same.
...
> New Mozilla browsers released after this date do not and will not have the
> problem you described above. So, it should not be necessary to retain the
> MD2 certs in the root list for these new
On May 28, 3:12 pm, Nelson B Bolyard wrote:
> On 2009-05-28 10:52 PDT, Kathleen Wilson wrote:
>
> > Just to make sure I understand…
>
> > In the VeriSign case the MD2 roots expire on 2028-08-01, and the SHA1
> > roots expire on 2028-08-02, so the SHA1 roots would take precedence in
> > NSS. There
eveloper.mozilla.org/en/docs/Security_in_Firefox_2), but I haven't
been able to find any indication that it will remain in Firefox 3. Can
I safely assume that it will be in ff3 if there are no indications to
the contrary?
-Rick Andrews
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto