the OCSP URI in the CA root IS a problem
Nelson, does NSS ever attempt to check the revocation status of a built-in
Root Certificate if that Root Certificate contains CRLDP(s) and/or OCSP
URI(s) ?
On Sunday 12 October 2008 16:40:11 Eddy Nigg wrote:
Eddy Nigg:
Except if Nelson thinks
Hi,
I extracted below information from the Mozilla help site (
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/index.html )
'SSL_BadCertHook Sets up a callback function to deal with a situation where
the SSL_AuthCertificate callback function has failed. This callback function
allows the
I think we have a problem here! I wanted to make sure that the CA root
and intermediate CA certificates don't include OCSP AIA extensions and I
noticed the following when importing and examining the CA root...
In fact, our intermediate CA certificates also included an OCSP AIA
extension.
As
Rob Stradling wrote, On 2008-10-12 23:01:
Nelson, does NSS ever attempt to check the revocation status of a built-in
Root Certificate if that Root Certificate contains CRLDP(s) and/or OCSP
URI(s) ?
Good question. The answer is somewhat complex. :-/
As you may know, NSS has two separate
Rob Stradling:
the OCSP URI in the CA root IS a problem
Nelson, does NSS ever attempt to check the revocation status of a built-in
Root Certificate if that Root Certificate contains CRLDP(s) and/or OCSP
URI(s) ?
Adding to Nelson's commentCRL is checked at any level if provided
Hi,
I have a crypto library which I connect to a Firefox extension using
Xpcom. The library generates custom size public and private key pairs
which I would like to store securely in Firefox. How would this be
done?
Thanks,
Dan
___
dev-tech-crypto
Hi,
We're working on a firefox extension and want it code signed. We
signed up for a Versign authenticode cert and following this:
http://oyoy.eu/huh/firefox-extension-code-signed-with-spc-pvk/
we were fairly successful in building a signed extension.
It works great in firefox 3 but fails in
On Monday 13 October 2008 15:36:02 István Zsolt BERTA wrote:
snip
- The CA root includes the OCSP service URI in the AIA extension:
We accept that it is awkward that our root certificate includes the
OCSP AIA extension, it was a bad idea for us to include it.
Unfortunately our root
8 matches
Mail list logo