Re: Microtec CA inclusion request

2008-10-13 Thread Rob Stradling
the OCSP URI in the CA root IS a problem Nelson, does NSS ever attempt to check the revocation status of a built-in Root Certificate if that Root Certificate contains CRLDP(s) and/or OCSP URI(s) ? On Sunday 12 October 2008 16:40:11 Eddy Nigg wrote: Eddy Nigg: Except if Nelson thinks

Information regarding SSL_BadCertHook

2008-10-13 Thread VARAPRASAD REDDY MALLAM
Hi, I extracted below information from the Mozilla help site ( http://www.mozilla.org/projects/security/pki/nss/ref/ssl/index.html ) 'SSL_BadCertHook Sets up a callback function to deal with a situation where the SSL_AuthCertificate callback function has failed. This callback function allows the

Re: Microtec CA inclusion request

2008-10-13 Thread István Zsolt BERTA
I think we have a problem here! I wanted to make sure that the CA root and intermediate CA certificates don't include OCSP AIA extensions and I noticed the following when importing and examining the CA root... In fact, our intermediate CA certificates also included an OCSP AIA extension. As

Re: Microtec CA inclusion request

2008-10-13 Thread Nelson B Bolyard
Rob Stradling wrote, On 2008-10-12 23:01: Nelson, does NSS ever attempt to check the revocation status of a built-in Root Certificate if that Root Certificate contains CRLDP(s) and/or OCSP URI(s) ? Good question. The answer is somewhat complex. :-/ As you may know, NSS has two separate

Re: Microtec CA inclusion request

2008-10-13 Thread Eddy Nigg
Rob Stradling: the OCSP URI in the CA root IS a problem Nelson, does NSS ever attempt to check the revocation status of a built-in Root Certificate if that Root Certificate contains CRLDP(s) and/or OCSP URI(s) ? Adding to Nelson's commentCRL is checked at any level if provided

storing custom public key / private key pair securely in Firefox

2008-10-13 Thread [EMAIL PROTECTED]
Hi, I have a crypto library which I connect to a Firefox extension using Xpcom. The library generates custom size public and private key pairs which I would like to store securely in Firefox. How would this be done? Thanks, Dan ___ dev-tech-crypto

firefox 2 vs firefox 3 xpi signing

2008-10-13 Thread will
Hi, We're working on a firefox extension and want it code signed. We signed up for a Versign authenticode cert and following this: http://oyoy.eu/huh/firefox-extension-code-signed-with-spc-pvk/ we were fairly successful in building a signed extension. It works great in firefox 3 but fails in

Re: Microtec CA inclusion request

2008-10-13 Thread Rob Stradling
On Monday 13 October 2008 15:36:02 István Zsolt BERTA wrote: snip - The CA root includes the OCSP service URI in the AIA extension: We accept that it is awkward that our root certificate includes the OCSP AIA extension, it was a bad idea for us to include it. Unfortunately our root