a quite fragile algorithm when it comes to
random numbers).
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
pgphDyZDZQGw_.pgp
Description: OpenPGP digital signature
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev
registration and RFCs work? Is this
something the CFRG would do or some other entity in the IETF?
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
pgpn9dEMx_fIz.pgp
Description: OpenPGP digital signature
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
team would be willig to work on merging the code. I'd be interested
in this because I want to make a proposal to get PSS support into TLS
1.3 and it would certainly help if I could say that all major TLS
libraries support it already.
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha
.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
signature.asc
Description: PGP signature
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
don't enable anything if it causes any
kind of trouble, no matter how much sense it makes in terms of security.
I'd prefer disabling OCSP stapling for now if it's causing such
regressions.
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
signature.asc
Description
my worries about this are.
It would be great if you could test the new way of doing
certificate/OCSP verification. To do so, please download Firefox 30
Nightly from http://nightly.mozilla.org/. After you install it, go to
about:config and add a new entry:
I'll do that.
--
Hanno Böck
http
not to use this value?
I think there's no reason against this value. The standard sets the
default to a salt length of 32 byte.
Problematic are only very short salt values (like zero, which is also
possible according to the standard).
--
Hanno Böck mail/jabber: ha...@hboeck.de
GPG
do it some time in the
future.
--
Hanno Böck mail/jabber: ha...@hboeck.de
GPG: BBB51E42 http://www.hboeck.de/
JETZT zu Ökostrom wechseln: http://atomausstieg-selber-machen.de
signature.asc
Description: PGP signature
--
dev-tech-crypto mailing list
dev-tech-crypto
to
extract it)
--
Hanno Böck mail/jabber: ha...@hboeck.de
GPG: BBB51E42 http://www.hboeck.de/
JETZT zu Ökostrom wechseln: http://atomausstieg-selber-machen.de
signature.asc
Description: PGP signature
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https
serious issue.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org - professional webhosting
signature.asc
Description: This is a digitally signed message part.
--
dev-tech-crypto mailing list
dev-tech
);
You're right, but sadly that's not the problem, after that change I get the
same error:
Assertion failure: theTemplate-sub != NULL, at secasn1u.c:93
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org
the
subtemplate.
I fail to really understand the asn1 decoding code at the moment, but I find
it likely it's a bug in there.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org - professional webhosting
,
MY_RSAPSSParamsTemplate);
PORT_FreeArena(arena, PR_FALSE);
return SECSuccess;
}
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org - professional webhosting
signature.asc
Description: This is a digitally signed
://wiki.mozilla.org/NSS:PSS
Also, if you're interested you may want to follow the bugzilla entry, where
all patches will be posted:
https://bugzilla.mozilla.org/show_bug.cgi?id=158750
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha
?id=550231
http://www.mozilla.org/projects/security/pki/nss/
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org - professional webhosting
signature.asc
Description: This is a digitally signed message part
source bundles nss, but it's good linux distribution policy to
avoid bundled libraries, so this shouldn't happen.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org - professional webhosting
and nss.
But for example it's from my knowledge not posssible to get a sha256-
fingerprint of a certificate in firefox.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org - professional webhosting
://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/5d2faba3e71f2bb5/6bdca2a80a17d18a?lnk=gstq=pss#6bdca2a80a17d18a
What would people think about that? Is it too much/too little for a SoC-
project? Is it something nss / the mozilla project would welcome?
cu,
--
Hanno Böck Blog
18 matches
Mail list logo