Re: Forcing specific CA for domain

2006-08-18 Thread Gervase Markham
Balint Balogh wrote: Without this security measure, any CA that has its certificates in client software has the power to thwart SSL/TLS security by issuing fake certificates claiming to belong to *.example.com servers or email addresses. If you think they might do that, why might they not do

Re: Forcing specific CA for domain

2006-08-18 Thread Kyle Hamilton
Risk management, Gervase. If a company/domain-owner can securely identify what CA they use, that prevents any other CA -- even one who ends up inadvertently issuing certificates contrary to their CPS -- from causing damage, and thus lowers the risk of any individual CA that may be in any given

Re: Encryption/Decryption with client-certificates

2006-08-18 Thread Arshad Noor
There are a number of things that your application must do, both on the client and server side, Erik: 1) You must have a servlet that has access to the key-pair on the server side; 2) Your applet must communicate with the servlet and request the certificate from the servlet (you are free to

NSS Cache question

2006-08-18 Thread Rob Crittenden
I'm having an issue with mod_nss, an Apache module I wrote that provides SSL using NSS. The way Apache loads modules is a tad strange. What it does is it loads them one time in order to get its list of configuration directives and it verifies that the configuration is ok. It also runs through

Re: Forcing specific CA for domain

2006-08-18 Thread Balint Balogh
Hello. Gervase Markham wrote: If you think they might do that, why might they not do it for other domains your users use (e.g. their bank)? They might, but I do not have direct control over that, so I have to accept the risk or try to reduce it through other means. However, I have direct control

New method for linking smart cards to web browsers

2006-08-18 Thread Anders Rundgren
http://www.w3.org/2006/02/axalto-paper.html This paper says that we can soon forget about P11 and such and rely on AJAX-like access to crypto. Anybody who knows more about the finer details? AR