Re: Server Gated Cryptography

2009-01-29 Thread Michael Ströder
Nelson B Bolyard wrote:
> Gervase Markham wrote, On 2009-01-26 05:27:
>> Nelson Bolyard wrote:
>>>> If it is the latter, what would be the effect of us removing the SSL
>>>> Step Up trust bit in NSS for the list of roots you give?
>>> No effect whatsoever.
>> Super. Would you care to file a bug to

Re: Server Gated Cryptography

2009-01-28 Thread Gervase Markham
Nelson B Bolyard wrote:
> What would the motive be for writing a patch that has no effect?

Because any CA which still uses Step Up or SGC to sell their certs over those of their competitors is either just using FUD or is promoting the use of insecure browsers. I want our code to have nothing to do

Re: Server Gated Cryptography

2009-01-26 Thread Kyle Hamilton
"what is THIS bit? And why is it set on some and not others?" It's vestigial, and it should be removed simply as good housekeeping. If this is the attitude of all of the Mozilla devs, no wonder it's impossible to figure out the codebase without devoting weeks to studying it. I humbly suggest th

Re: Server Gated Cryptography

2009-01-26 Thread Nelson B Bolyard
Gervase Markham wrote, On 2009-01-26 05:27:
> Nelson Bolyard wrote:
>>> If it is the latter, what would be the effect of us removing the SSL
>>> Step Up trust bit in NSS for the list of roots you give?
>> No effect whatsoever.
>
> Super. Would you care to file a bug to do that, or shall I? :-)

Wh

Re: Server Gated Cryptography

2009-01-26 Thread Gervase Markham
Nelson Bolyard wrote:
>> If it is the latter, what would be the effect of us removing the SSL
>> Step Up trust bit in NSS for the list of roots you give?
>
> No effect whatsoever.

Super. Would you care to file a bug to do that, or shall I? :-)

Gerv

Re: Server Gated Cryptography

2009-01-20 Thread Nelson Bolyard
Gervase Markham wrote, On 2009-01-20 20:33:
> Nelson B Bolyard wrote:
>> In Mozilla products, no roots have ever been SGC enabled.
>> Some roots were, and still are, marked as trusted for SSL Step Up.
>> Here's a list.
>
> Is the marking internal to or external to the cert? The fact that you
> say

Re: Server Gated Cryptography

2009-01-20 Thread Gervase Markham
Nelson B Bolyard wrote:
> In Mozilla products, no roots have ever been SGC enabled.
> Some roots were, and still are, marked as trusted for SSL Step Up.
> Here's a list.

Is the marking internal to or external to the cert? The fact that you say no certs have ever been SGC-enabled makes me suspect t

Re: Server Gated Cryptography

2009-01-20 Thread Nelson B Bolyard
srdavid...@gmail.com wrote, On 2009-01-20 11:48:
>> Yes, those browsers allowed SGC/Step-up only for a restricted list of
>> pre-installed root CA certificates.
>
> Anyone have a list of the specific roots that are SGC enabled?
> Many of them must be due for expiry soon.

SSL Step Up is differen

Re: Server Gated Cryptography

2009-01-20 Thread srdavidson
> Yes, those browsers allowed SGC/Step-up only for a restricted list of
> pre-installed root CA certificates.

Anyone have a list of the specific roots that are SGC enabled? Many of them must be due for expiry soon. Is the intent to renew/replace them with SGC super-powers, or to let SGC fade awa

Re: Server Gated Cryptography

2009-01-20 Thread Jean-Marc Desperrier
Gervase Markham wrote:
> Does anyone know where I can find a definitive list of browsers for whom SGC is helpful? That is to say, a list of browsers for which, if I connected to a site with an SGC certificate, would provide a higher grade of encryption than if I connected to an identical site with

Re: Server Gated Cryptography

2009-01-19 Thread Nelson Bolyard
Gervase Markham wrote, On 2009-01-19 14:11:
> Does anyone know where I can find a definitive list of browsers for whom
> SGC is helpful? That is to say, a list of browsers for which, if I
> connected to a site with an SGC certificate, would provide a higher
> grade of encryption than if I connected

Server Gated Cryptography

2009-01-19 Thread Gervase Markham
Does anyone know where I can find a definitive list of browsers for whom SGC is helpful? That is to say, a list of browsers for which, if I connected to a site with an SGC certificate, would provide a higher grade of encryption than if I connected to an identical site with a non-SGC certificate? A