ving directory
'/home//Documents/nss-3.25/nspr/WIN954.0__OPT.OBJ'
Makefile:128: recipe for target 'build_nspr' failed
make: *** [build_nspr] Error 2
I don't really know how to stand up a build environment, so this doesn't really
surprise me.
Can
ving directory
'/home//Documents/nss-3.25/nspr/WIN954.0__OPT.OBJ'
Makefile:128: recipe for target 'build_nspr' failed
make: *** [build_nspr] Error 2
I don't really know how to stand up a build environment, so this doesn't really
surprise me.
Can
I do not know how to proceed from here.
I'd prefer to build on Windows, if I can, but I'm not completely averse to
using Linux. That said, I have no idea how to properly set up a Linux build
computer for NSS on Windows.
Can anyone help me figure out what I am doing wrong? If this is n
Word of advise: instead of asking generic help of people who are all busy with
dayjobs, tell them what you have done and where you ran into problems. Specific
questions are very likely to get answered. Generic questions will not.
Sent from my iPhone
> On Feb 22, 2016, at 05:08, Djal
fail to do it, or rather have not been able
to do.
I want to know is that it's possible that you bring us your help, because
we are working on a university project which will be completed in three
weeks and we're really stuck on the project.
Thank you in advance and I hope to have a res
(this is set by users)
- Calculation of duration of keys' usage.
I tried to use these functions, but it causes my extension to crash
without any notice.
Appreciate if someone can help me on this issue. Thank you.
Regards,
Brian Teh, Singapore
The S/MIME code uses these functions in the &#
duration of keys' usage.
I tried to use these functions, but it causes my extension to crash
without any notice.
Appreciate if someone can help me on this issue. Thank you.
Regards,
Brian Teh, Singapore
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozill
stand why ?
i change type of variable in order to have more flexibility of the
program, these changes work fine for aes_cbc and aes_ecb but for
aes_cbc_pad not
please help
regards all
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
florent ainardi wrote:
> does anyone can help me starting coding in c the nss library ?
> i had to encrypt and decrypt data
> can you tell me the list of function i had to call to do that
> and tell me the order i suppose that there is a initialization of
> context, generate key
hello all
does anyone can help me starting coding in c the nss library ?
i had to encrypt and decrypt data
can you tell me the list of function i had to call to do that and tell
me the order
i suppose that there is a initialization of context, generate key, set
mode, set algo, call function then
On Jun 23, 8:13 pm, Robert Relyea wrote:
> On 06/23/2011 02:14 AM, florent ainardi wrote:
>
> >>> and the same thing for a file
> >>> but i don't how to start
> >>> i use polarssl library and the api doc is very simple
> >>> pleas
On 06/23/2011 02:14 AM, florent ainardi wrote:
>
>>> and the same thing for a file
>>> but i don't how to start
>>> i use polarssl library and the api doc is very simple
>>> please help using the NSS library from mozilla
>>> regards all
> hel
t; > and the same thing for a file
> > but i don't how to start
> > i use polarssl library and the api doc is very simple
> > please help using the NSS library from mozilla
> > regards all
hello bob
thanks for replying
but i had to implement in a simple program the aes
y of an encryption program.
The rest is pretty straight forward.
bob
> 4- save the cipher data into a file
> 5-end
>
> and the same thing for a file
> but i don't how to start
> i use polarssl library and the api doc is very simple
> please help using the NSS library from mozi
same thing for a file
but i don't how to start
i use polarssl library and the api doc is very simple
please help using the NSS library from mozilla
regards all
--
View this message in context:
http://old.nabble.com/help-me-use-aes-with-NSS-tp31894850p31894850.html
Sent from the Mozilla - Cr
same thing for a file
but i don't how to start
i use polarssl library and the api doc is very simple
please help using the NSS library from mozilla
regards all
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
w this message in context:
http://old.nabble.com/using-browser-keydtore-from-applet---help-tp30573381p30573381.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
A256_SIGNATURE:
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
*hashalg = SEC_OID_SHA256;
bobs-laptop(367)
> For testing I generated
> certificates but in the field someone else will be doing this
> and I have no visibility into how they do it. You mentioned earlier
> that some
e will be doing this
and I have no visibility into how they do it. You mentioned earlier
that some public keys support multiple signature algorithms.
How do I determine which algorithms the public key I'm supports? How
do I tell VFY about these multiple algorithms? Thanks
again for your help.
Ted
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On 2010/09/07 17:08 PDT, tedx wrote:
> I've hacked up something to try but I've now encountered a
> compilation error that I don't understand. Has anyone else seen this?
> nss_signing.c: In function ‘spl_nssVerifySignature’:
> nss_signing.c:172: error: storage size of ‘vfy_context’ isn’t known
>
On Sep 7, 1:34 pm, Nelson B Bolyard wrote:
> On 2010-09-06 08:17 PDT, Xavier Toth wrote:
>
> > I'm trying to verify the signature of a file I've signed but I don't
> > understand where to get the sigAlgorithm and hash to pass to
> > VFY_CreateContextWithAlgorithmID.
>
> I presume you've read the d
On 2010-09-06 08:17 PDT, Xavier Toth wrote:
> I'm trying to verify the signature of a file I've signed but I don't
> understand where to get the sigAlgorithm and hash to pass to
> VFY_CreateContextWithAlgorithmID.
I presume you've read the description of these parameters in
http://mxr.mozilla.or
I'm trying to verify the signature of a file I've signed but I don't
understand where to get the sigAlgorithm and hash to pass to
VFY_CreateContextWithAlgorithmID. I've googled looking for some sample
code using the VFY_ apis to verify signatures but I haven't found
anything that I could build off
I'm trying to verify the signature of a file I've signed but I don't
understand where to get the sigAlgorithm and hash to pass to
VFY_CreateContextWithAlgorithmID. I've googled looking for some sample
code using the VFY_ apis to verify signatures but I haven't found
anything that I could build off
On Tue, Jul 27, 2010 at 10:09 AM, Pat wrote:
> Hello,
>
> Can anyone explain what is going wrong with the following scenario?
>
> Using NSPR 4.8, NSS 3.12.6, JSS 4.3.1 with JDK 1.6_21 on Windows XP
> Professional SP 3. FIPS mode is enabled.
>
> I'm trying to open an LDAP connection to an LDAP ser
Hello,
Can anyone explain what is going wrong with the following scenario?
Using NSPR 4.8, NSS 3.12.6, JSS 4.3.1 with JDK 1.6_21 on Windows XP
Professional SP 3. FIPS mode is enabled.
I'm trying to open an LDAP connection to an LDAP server (Apache
Directory Server) running locally on the same s
On 2010-04-14 19:18 PST, 虎 季 wrote:
>I am an engineer working in mozilla China, I'm going to provide a
> solution for Chinese banks which support IE only in China now.
Welcome, 虎 季. Perhaps you can give us westerners some guidance on how to
pronounce or transliterate your name in western alph
I am an engineer working in mozilla China, I'm going to provide a
solution for Chinese banks which support IE only in China now.
The problem I met is that:
There are many vendors who supply smart-cards for banks, they have
implemented the pkcs#11 modules(maybe implemented most parts of
p
George,
Another source of info on cross-compiling NSS is Mozilla's makefile
responsible for compiling NSS:
http://mxr.mozilla.org/mozilla-central/source/security/manager/Makefile.in
Search for "CROSS_COMPILE" in that makefile.
Note that this approach is different from the preferred approach
that
and OS_TARGET_RELEASE environment variables to your target OS. This will
> override the what coreconf will automatically pick up.
>
> NSS builds 2 types of tools as part of the build process: 1) tools to
> help in the build, and 2) target tools. The latter is basically
> nsinsta
On 01/12/2010 04:07 AM, trashpants wrote:
> im quite literally using the following line to try and import the file
>
> pkcs12.exe -i cert.p12 -v -W Pass
>
> but I get an error:
>
> certutil.exe: function failed: security library: bad database.
>
You need to specify -d {firefox profile directory
exe: function failed: security library: bad database.
I know I should be using a -h option after cert.p12 but im not sure what
'token name' I'm meant to add as the parameter. Also are passwords etc meant
to be written in quotes or not?
Any help would be greatly appreciated!
EDIT:
nvm
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
u would set the OS_TARGET
and OS_TARGET_RELEASE environment variables to your target OS. This will
override the what coreconf will automatically pick up.
NSS builds 2 types of tools as part of the build process: 1) tools to
help in the build, and 2) target tools. The latter is basically
nsinstall,
I'm using WindRiver Linux 2.0 to cross compile nss to a PowerPC. The
3.11.4 build instructions and troubleshooting don't cover something
like this. Can someone point me to documentation that would describe
how to set the compiler, flags, install location, etc...?
--
dev-tech-crypto mailing list
d
thank you for the answer. I think I'll content myself with the WinNT
flavor of NSPR because building the Win95 flavor seems to be a little
bit complicated :)
best regards
Amine
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On 2009-09-04 01:51 PDT, Amine wrote:
> Actually, I'v placed the nspr-4.6.4 libraries in c:\jss. So, I've only
> replaced the debug libraries of nspr-4.6.4 by the release ones and
> everything works properly.
Well, if it works, I guess we should stop trying to fix it. :)
> I didn't set my path t
Just a little question : why jss4.dll needs libraries of nspr package
such :
- libnspr4.dll
- libplc4.dll
- libplds4.dll
even if we can expect that
- nspr4.dll
- plc4.dll
- plds4.dll
which exist in C:\Program Files\Mozilla Firefox are probably similar ?
--
dev-tech-crypto mailing list
dev-tech-cry
Just a little question : why jss4.dll needs libraries of nspr package
such :
- libnspr4.dll
- libplc4.dll
- libplds4.dll
even if we can expect that
- nspr4.dll
- plc4.dll
- plds4.dll
which exist in C:\Program Files\Mozilla Firefox are probably similar ?
--
dev-tech-crypto mailing list
dev-tech-cry
Thank you very much glen for the help, Now, IT WORKS !
Now I really do the difference between a debug build and a release
build.
Actually, I'v placed the nspr-4.6.4 libraries in c:\jss. So, I've only
replaced the debug libraries of nspr-4.6.4 by the release ones and
everything works pr
On 9/3/09 4:24 PM, Glen Beasley wrote:
On 9/3/09 11:23 AM, Nelson B Bolyard wrote:
On 2009-09-03 02:23 PDT, Amine wrote:
Well, I'll try to be very precise this time.
I am writing a little Java program that uses an NSS Internal PKCS#11
Module for signing. Am using Win XP, service pack 3 and
On 9/3/09 11:23 AM, Nelson B Bolyard wrote:
On 2009-09-03 02:23 PDT, Amine wrote:
Well, I'll try to be very precise this time.
I am writing a little Java program that uses an NSS Internal PKCS#11
Module for signing. Am using Win XP, service pack 3 and, for now, no
Visual C++ is installed.
On 2009-09-03 02:23 PDT, Amine wrote:
> Well, I'll try to be very precise this time.
>
> I am writing a little Java program that uses an NSS Internal PKCS#11
> Module for signing. Am using Win XP, service pack 3 and, for now, no
> Visual C++ is installed.
>
> So am using the JSS 4.2 that uses NSP
e results but incomplet build, the system was blocked some
times when the "make" command was running
I hope this will bring you the sufficient informations to help me to
bypass this problem.
Once again, thank you.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
ow can I override
this
problem ? I think that Mozilla is giving the debug build of the jss
shared library instead of the release build.
Thank you in advance for your help.
Amine
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
oy
the application.
I've also tried to rebuild the jss4.dll with BUILD_OPT=1 and i've got
the same library exposed on the Mozilla links . How can I override
this
problem ? I think that Mozilla is giving the debug build of the jss
shared library instead of the release build.
Thank you in ad
authorized.
The author was showing that even looking at the lock doesn't help in a spoofing
attack if the attacker has a wildcard certificate. In this way, it is an attack
improvement.
>This is not to say that wildcard certificates are not bad, evil, anything, but
>that nothing
On 26/02/09 11:05, Jean-Marc Desperrier wrote:
Eddy Nigg wrote:
On 02/25/2009 08:31 PM, Gervase Markham:
On 23/02/09 23:54, Eddy Nigg wrote:
[...]
Only CAs are relevant if at all. You don't expect that 200 domain names
were registered by going through anti-spoofing checking and
measures, do
yo
Paul Hoffman wrote:
At 7:09 AM +0100 2/24/09, Kaspar Brand wrote:
Kyle Hamilton wrote:
Removal of support for wildcards can't be done without PKIX action, if
one wants to claim conformance to RFC 3280/5280.
Huh? Both these RFCs completely step out of the way when it comes to
wildcard certifica
Eddy Nigg wrote:
On 02/25/2009 08:31 PM, Gervase Markham:
On 23/02/09 23:54, Eddy Nigg wrote:
[...]
Only CAs are relevant if at all. You don't expect that 200 domain names
were registered by going through anti-spoofing checking and measures, do
you?!
[...]
Outsh, sorry! That should have been
On 02/25/2009 08:31 PM, Gervase Markham:
On 23/02/09 23:54, Eddy Nigg wrote:
How to prove? Does Mozilla buy domain names (or purchase certificates)
from time to time in order to govern its policies?
We rely on good citizens like you to let us know when there's a problem
:-) We don't regularly
On 23/02/09 23:54, Eddy Nigg wrote:
How to prove? Does Mozilla buy domain names (or purchase certificates)
from time to time in order to govern its policies?
We rely on good citizens like you to let us know when there's a problem
:-) We don't regularly attempt to break the security of CA cert
At 7:09 AM +0100 2/24/09, Kaspar Brand wrote:
>Kyle Hamilton wrote:
>> Removal of support for wildcards can't be done without PKIX action, if
>> one wants to claim conformance to RFC 3280/5280.
>
>Huh? Both these RFCs completely step out of the way when it comes to
>wildcard certificates - just rea
On 02/24/2009 01:47 PM, Ian G:
Right. This can also be seen as evidence that secure browsing has not
protected the users, because it was so easily bypassed.
Orthe price to stage an attack using SSL is still considered too
high. It's rather a point for SSL than against IMO.
If the securi
On 24/2/09 02:11, Eddy Nigg wrote:
On 02/24/2009 02:35 AM, Ian G:
The point that is made is that the "positive response" is so weak that
it doesn't support the overall effect; the attacker just prefers to
trick the user using HTTP and some favicons or other simple symbols. And
(so the author cla
Kyle Hamilton wrote:
> RFC 2818 ("HTTP Over TLS"), section 3.1.
Definitely not a PKIX RFC. "Removal of support for wildcards" doesn't
need any PKIX action.
Kaspar
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
RFC 2818 ("HTTP Over TLS"), section 3.1.
-Kyle H
On Mon, Feb 23, 2009 at 10:09 PM, Kaspar Brand wrote:
> Kyle Hamilton wrote:
>> Removal of support for wildcards can't be done without PKIX action, if
>> one wants to claim conformance to RFC 3280/5280.
>
> Huh? Both these RFCs completely step out
Kyle Hamilton wrote:
> Removal of support for wildcards can't be done without PKIX action, if
> one wants to claim conformance to RFC 3280/5280.
Huh? Both these RFCs completely step out of the way when it comes to
wildcard certificates - just read the last paragraph of section
4.2.1.7/4.2.1.6. PKI
On 02/24/2009 02:35 AM, Ian G:
The point that is made is that the "positive response" is so weak that
it doesn't support the overall effect; the attacker just prefers to
trick the user using HTTP and some favicons or other simple symbols. And
(so the author claims) gets away with it easily enough
To amplify the response to Gerv's question on "positive / negative
imbalance in responses in FF3", here's a forward from another list.
On 21/2/09 15:34, Peter Gutmann wrote:
"Steven M. Bellovin" writes:
http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/ -- we've talked
about this at
On 24/2/09 00:20, Gervase Markham wrote:
On 19/02/09 17:36, Ian G wrote:
1. He has clearly laid out the trap of negative versus positive
feedback, and explained why Firefox 3 UI changes make the result less
secure than Ff2.
You'll need to elaborate on what you are saying here, because the way
On Mon, Feb 23, 2009 at 4:10 PM, Eddy Nigg wrote:
> On 02/24/2009 02:01 AM, Kyle Hamilton:
>>
>> It's important to realize something rather important... security must
>> be designed into the system from the ground up, and all pieces of a
>> secure system must operate together properly. It's not *
On 02/24/2009 02:01 AM, Kyle Hamilton:
It's important to realize something rather important... security must
be designed into the system from the ground up, and all pieces of a
secure system must operate together properly. It's not *just* the CA,
it's everything.
Ideally yes, your are right...
Eddy:
It's important to realize something rather important... security must
be designed into the system from the ground up, and all pieces of a
secure system must operate together properly. It's not *just* the CA,
it's everything.
Since we don't have a secure system, we need to find a way to mak
On 02/24/2009 01:23 AM, Gervase Markham:
All the registries added to the list had this when they were added. As I
said in my previous message, if you know of a registry which no longer
meets these criteria, please let me know.
How to prove? Does Mozilla buy domain names (or purchase certificate
On 02/24/2009 01:18 AM, Gervase Markham:
The "rationale" section of this document explains very well why our
policy and technical implementation is as it is:
http://www.mozilla.org/projects/security/tld-idn-policy-list.html
OK, reading the IDN policy I understand that registrars uses human, a
On 22/02/09 21:56, Paul Hoffman wrote:
I think part of what's going on here is a confusion between CAs and
domain name registrars. IIRC there was indeed some sort of
agreement among domain name registrars to implement special
checking for internationalized domain names.
There was no such agreem
On 19/02/09 17:36, Ian G wrote:
1. He has clearly laid out the trap of negative versus positive
feedback, and explained why Firefox 3 UI changes make the result less
secure than Ff2.
You'll need to elaborate on what you are saying here, because the way I
read it, he _hates_ the new FF3 securit
On 20/02/09 18:28, Benjamin Smedberg wrote:
I'm proposing that when Firefox displays the domain name of a site, it
should only use punycode display for the portion of the domain name which
actually appears in the certificate. So for a wildcard cert *.ijjk.cn, the
display would be
xn--blahblahunr
On 23/02/09 17:58, Paul Hoffman wrote:
Jean-Marc, you have fallen for Gerv's wishful thinking and security
theater. There are multiple TLDs on that list that have policies that
say *nothing* about preventing homograph spoofing.
Every TLD on that list should have a published set of characters it
On 02/23/2009 04:57 PM, Ian G:
* IDNs present more danger than wildcards,
* wildcards present more danger than IDNs,
* they are approximately the same level of danger,
and trying to separate them out is not efficacious
at this level of discussion?
Anything which can be misused in such a way s
Jean-Marc Desperrier wrote, On 2009-02-23 04:01:
> Nelson and everyone else not knowing the details of this :
> The problem is solved not at the CA level, but at the registry/TLD level.
I think you mean that IF it were solved, the solution would be at ...
But I think it is evident that it is NOT s
At 2:19 AM +0200 2/23/09, Eddy Nigg wrote:
>You don't like that I mention particular CAs, but the one I'm affiliated with
>does to some extend. ;-)
I do not like you mentioning particular CAs to advertise (yourself) or attack
(your competitor); asking for a list of CAs that implement policies th
At 1:14 PM +0100 2/23/09, Jean-Marc Desperrier wrote:
>Paul Hoffman wrote:
>>TLD registries ask which language a name is in; some then do some
>>filtering based on what characters they think are used by particular
>>languages. This is far from a science and fails miserably for most
>>European langu
On 23/2/09 13:41, Eddy Nigg wrote:
On 02/23/2009 02:01 PM, Jean-Marc Desperrier:
When issuing a SSL server cert there is no need for a special checking
at the CA level, because nobody will first be able to obtain a dangerous
domain name within that TLD.
Like the IANA requirement to state corre
On 02/23/2009 02:01 PM, Jean-Marc Desperrier:
When issuing a SSL server cert there is no need for a special checking
at the CA level, because nobody will first be able to obtain a dangerous
domain name within that TLD.
Like the IANA requirement to state correct information in the WHOIS
records
Paul Hoffman wrote:
TLD registries ask which language a name is in; some then do some
filtering based on what characters they think are used by particular
languages. This is far from a science and fails miserably for most
European languages.
If it fails, then report it to secur...@mozilla.org a
Nelson B Bolyard wrote:
Benjamin Smedberg wrote, On 2009-02-20 10:28:
[...] CA guidelines
Which (whose) guidelines? Are you referring to RFC 5280 section 7, or
to some other guidelines?
Mozilla's CA cert policy doesn't even mention this subject.
say that certificates should not be issued w
On 02/21/2009 11:19 PM, Paul Hoffman:
I don't see how the attack could have been done without wildcards. CA
guidelines say that certificates should not be issued with homographic
characters that might cause confusion
They do? Where?
Some CA policies do. I can't recall right now, but EV might
>I think part of what's going on here is a confusion between CAs and domain
>name registrars. IIRC there was indeed some sort of agreement among domain
>name registrars to implement special checking for internationalized domain
>names.
There was no such agreement. TLD registries ask which langu
Paul Hoffman wrote:
UTR #36 is not a CA guideline, it is a guideline that some CAs might
read and implement. I know of none that have.
I think part of what's going on here is a confusion between CAs and
domain name registrars. IIRC there was indeed some sort of agreement
among domain name reg
>On Sat, Feb 21, 2009 at 1:19 PM, Paul Hoffman wrote:
>>>I don't see how the attack could have been done without wildcards. CA
>>>guidelines say that certificates should not be issued with homographic
>>>characters that might cause confusion
>>
>> They do? Where?
>
>I believe that Unicode Technica
On Sat, Feb 21, 2009 at 1:19 PM, Paul Hoffman wrote:
>>I don't see how the attack could have been done without wildcards. CA
>>guidelines say that certificates should not be issued with homographic
>>characters that might cause confusion
>
> They do? Where?
I believe that Unicode Technical Report
At 1:28 PM -0500 2/20/09, Benjamin Smedberg wrote:
>On 2/20/09 12:11 PM, Nelson B Bolyard wrote:
>> Benjamin Smedberg wrote, On 2009-02-19 07:39:
>>
>>> It sounds to me that we could and should fix this bug simply by disabling
>>> punycode for the wildcard portion.
>>
>> I'm not sure what you're pr
On 20/2/09 20:07, Nelson B Bolyard wrote:
Benjamin Smedberg wrote, On 2009-02-20 10:28:
Homomorphic characters aren't a problem for wildcard matching. They're a
problem for users' eyeballs. The attack that was demonstrated could have
been done without wildcards. Changing the wildcard matchi
Benjamin Smedberg wrote, On 2009-02-20 10:28:
> On 2/20/09 12:11 PM, Nelson B Bolyard wrote:
>> Benjamin Smedberg wrote, On 2009-02-19 07:39:
>>
>>> It sounds to me that we could and should fix this bug simply by disabling
>>> punycode for the wildcard portion.
>> I'm not sure what you're proposing
On 02/20/2009 08:28 PM, Benjamin Smedberg:
I don't see how the attack could have been done without wildcards. CA
guidelines say that certificates should not be issued with homographic
characters that might cause confusion, and as far as we know these
guidelines are being followed. The attack here
On 2/20/09 12:11 PM, Nelson B Bolyard wrote:
> Benjamin Smedberg wrote, On 2009-02-19 07:39:
>
>> It sounds to me that we could and should fix this bug simply by disabling
>> punycode for the wildcard portion.
>
> I'm not sure what you're proposing here, Ben, or what effect you think
> it would h
Benjamin Smedberg wrote, On 2009-02-19 07:39:
> It sounds to me that we could and should fix this bug simply by disabling
> punycode for the wildcard portion.
I'm not sure what you're proposing here, Ben, or what effect you think
it would have.
Homomorphic characters aren't a problem for wildcar
Eddy Nigg wrote:
On 02/19/2009 03:30 PM, Jean-Marc Desperrier:
Moxie Marlinspike in Black Hat has just demonstrated a very serious i18n
attack using a *.ijjk.cn certificate.
http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
.cn is authorized
On 02/19/2009 07:36 PM, Ian G:
1. He has clearly laid out the trap of negative versus positive
feedback, and explained why Firefox 3 UI changes make the result less
secure than Ff2.
I don't think this is what he is saying exactly, but rather that for
HTTP the world looks always fine...
...th
On 02/19/2009 05:39 PM, Benjamin Smedberg:
Other than this specific attack, what are the concerns about wildcards that
would make us take such a drastic action?
It sounds to me that we could and should fix this bug simply by disabling
punycode for the wildcard portion.
Because punycode isn't
On 19/2/09 16:39, Benjamin Smedberg wrote:
http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
Other than this specific attack, what are the concerns about wildcards that
would make us take such a drastic action?
It sounds to me that we cou
On 19/2/09 14:30, Jean-Marc Desperrier wrote:
Moxie Marlinspike in Black Hat has just demonstrated a very serious i18n
attack using a *.ijjk.cn certificate.
http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
PS : Some of his other remarks a
On 2/19/09 9:37 AM, Eddy Nigg wrote:
> On 02/19/2009 03:30 PM, Jean-Marc Desperrier:
>> Moxie Marlinspike in Black Hat has just demonstrated a very serious i18n
>> attack using a *.ijjk.cn certificate.
>>
>> http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defea
On 02/19/2009 03:30 PM, Jean-Marc Desperrier:
Moxie Marlinspike in Black Hat has just demonstrated a very serious i18n
attack using a *.ijjk.cn certificate.
http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
.cn is authorized for i18n, and t
Moxie Marlinspike in Black Hat has just demonstrated a very serious i18n
attack using a *.ijjk.cn certificate.
http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
.cn is authorized for i18n, and the * will match anything, allowing all
the cla
Akkshayaa Venkatram wrote:
>> From the mozilla tree,
>> http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11pub.h#109
>>
>>
>> I want to call the PK11 functions for encrypt, decrypt, sign, verify,
>> etc.. from my Firefox extension that is written in javascript.
Robert Relyea w
I'll repeat my answer to your question in the opensc list. We should
probably keep followups in this list since there is more NSS/mozilla
expertise here (which is really where your questionis coming from)...
Akkshayaa Venkatram wrote:
Hello,
From the mozilla tree,
http://mxr.mozilla.org/moz
Hello,
From the mozilla tree,
http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11pub.h#109
I want to call the PK11 functions for encrypt, decrypt, sign, verify,
etc.. from my Firefox extension that is written in javascript.
Eg:
SECKEYPrivateKey *PK11_GenerateKeyPair(PK11Sl
1 - 100 of 172 matches
Mail list logo
