Fixing it Re: import key pairs but un-exportable private key

2010-04-09 Thread Anders Rundgren
Nelson B Bolyard wrote: since a CA has no options for key protection during issuance using Firefox which it has using MSIE. Yes, I quite agree with you on this point, Anders. The problem is that the CA cannot express to Firefox that it wants Firefox to require that the generated key be unext

Re: import key pairs but un-exportable private key

2010-04-09 Thread Nelson B Bolyard
On 2010-04-08 22:17 PST, Anders Rundgren wrote: > Mountie Lee wrote: >> I mean CKA_EXTRACTABLE. >> as a Sub-CA, when they issue client certificate, they want to make sure >> the private key will [not] be exported outside of browser keystore. the >> only one exception is when the private key is in h

Re: import key pairs but un-exportable private key

2010-04-08 Thread Lee Mountie
hi sorry. I made a mistake. exportable -> unexportable Mountie On 2010. 4. 9. 14:17, Anders Rundgren wrote: Mountie Lee wrote: I mean CKA_EXTRACTABLE. as a Sub-CA, when they issue client certificate, they want to make sure the private key will be exported outside of browser keystore. the only one e

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
Mountie Lee wrote: I mean CKA_EXTRACTABLE. as a Sub-CA, when they issue client certificate, they want to make sure the private key will be exported outside of browser keystore. the only one exception is when the private key is in hardware token, it can be moved to other browser. I didn't get

Re: import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Hi. I comment below lines. On Fri, Apr 9, 2010 at 4:12 AM, Nelson B Bolyard wrote: > On 2010/04/08 10:53 PDT, Wan-Teh Chang wrote: > > On Thu, Apr 8, 2010 at 10:08 AM, Nelson B Bolyard > wrote: > >> > >> A PKCS#11 CSP can indeed choose to make private keys exportable or not. > >> A FIPS mode C

Re: import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Hi. On Fri, Apr 9, 2010 at 2:08 AM, Nelson B Bolyard wrote: > > Mountie Lee wrote: > >> Thanks Eddy. > >> > >> in IE > >> the service provider can choose the private key can be exportable or > not. > >> > >> the manual configuration is not so attractive for service provider. > > On 2010-04-08 04

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
- Original Message - From: "Nelson B Bolyard" >I think he's referring to the fact that the PKCS#11 module must be manually >configured to be in FIPS mode or not in FIPS mode. I'm not aware of any automatic protection settings for manual key import in Windows, unless you can do it with

Re: import key pairs but un-exportable private key

2010-04-08 Thread Nelson B Bolyard
On 2010/04/08 11:11 PDT, Anders Rundgren wrote: > Nelson B Bolyard wrote: > > > >>> Hi Mountie, >>> A service provider cannot specify *anything* regarding key protection >>> using Firefox. >> >> Anders, I think Mountie was referring to "Crypto Service Provider" (CSP), >> which is Microsoft's nam

Re: import key pairs but un-exportable private key

2010-04-08 Thread Nelson B Bolyard
On 2010/04/08 10:53 PDT, Wan-Teh Chang wrote: > On Thu, Apr 8, 2010 at 10:08 AM, Nelson B Bolyard wrote: >> >> A PKCS#11 CSP can indeed choose to make private keys exportable or not. >> A FIPS mode CSP will generally make private keys unexportable. >> NSS's NON-FIPS PKCS#11 CSP can also make non-e

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
Nelson B Bolyard wrote: Hi Mountie, A service provider cannot specify *anything* regarding key protection using Firefox. Anders, I think Mountie was referring to "Crypto Service Provider" (CSP), which is Microsoft's name for software modules that follow Microsoft's alternative that is approx

Re: import key pairs but un-exportable private key

2010-04-08 Thread Wan-Teh Chang
On Thu, Apr 8, 2010 at 10:08 AM, Nelson B Bolyard wrote: > > A PKCS#11 CSP can indeed choose to make private keys exportable or not. > A FIPS mode CSP will generally make private keys unexportable. > NSS's NON-FIPS PKCS#11 CSP can also make non-exportable keys, IIRC, > but Firefox offers no option

Re: import key pairs but un-exportable private key

2010-04-08 Thread Nelson B Bolyard
> Mountie Lee wrote: >> Thanks Eddy. >> >> in IE >> the service provider can choose the private key can be exportable or not. >> >> the manual configuration is not so attractive for service provider. On 2010-04-08 04:14 PST, Anders Rundgren wrote: > Hi Mountie, > A service provider cannot specify

Re: import key pairs but un-exportable private key

2010-04-08 Thread Anders Rundgren
Hi Mountie, A service provider cannot specify *anything* regarding key protection using Firefox. Anders Mountie Lee wrote: Thanks Eddy. in IE the service provider can choose the private key can be exportable or not. the manual configuration is not so attractive for service provider. is it po

Re: import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Thanks Eddy. in IE the service provider can choose the private key can be exportable or not. the manual configuration is not so attractive for service provider. is it possible to enable FIPS mode by providing checkbox or some other ways by server? On Thu, Apr 8, 2010 at 7:49 PM, Eddy Nigg wro

Re: import key pairs but un-exportable private key

2010-04-08 Thread Eddy Nigg
On 04/08/2010 01:41 PM, Mountie Lee: Hi. I'm Mountie. Hi Mountie... in Firefox is it possible to make private key in keystore as un-exportable that the key was imported from outside. Did you try to activate FIPS mode? See Preferences -> Advanced -> Security Devices -> Enable FIPS. --

import key pairs but un-exportable private key

2010-04-08 Thread Mountie Lee
Hi. I'm Mountie. I have a question. in MSIE(Microsoft Internet Explorer) user is able to choose the private key is exportable or not from keystore when generating private key or import key pairs. in Firefox is it possible to make private key in keystore as un-exportable that the key was imported