Thanks Nelson for explaining this.
I also understand your worries regarding what to sign and I would
be very dishonest if I said I have solved it. In fact, my design
doesn't even address this issue (!) except that if of course builds
on the assumption that at least the viewer works as expected.
Hi,
Hans Petter Jansson schrieb:
This database only fails to migrate if the target database was not
already created by another, successful merge, though.
I think you're saying that the failures only occur if the target (cert9)
DB doesn't already exist when your program is run, but does
Anders Rundgren wrote:
I also understand your worries regarding what to sign and I would
be very dishonest if I said I have solved it. In fact, my design
doesn't even address this issue (!) except that if of course builds
on the assumption that at least the viewer works as expected.
Now, why
Nelson Bolyard wrote:
Eddy Nigg wrote:
On 11/19/2008 05:52 PM, Anders Rundgren:
In the meantime, wouldn't it be of some value if Mozilla tried to
satisfy a PKI-
related activity that in number of users, already is much bigger than
S/MIME,
i.e. the concept of Web Signing?
What is this supposed
Anders Rundgren wrote:
I also understand your worries regarding what to sign and I would
be very dishonest if I said I have solved it. In fact, my design
doesn't even address this issue (!) except that if of course builds
on the assumption that at least the viewer works as expected.
But it's
Nelson Bolyard wrote:
Eddy Nigg wrote:
On 11/19/2008 05:52 PM, Anders Rundgren:
In the meantime, wouldn't it be of some value if Mozilla tried to
satisfy a PKI-
related activity that in number of users, already is much bigger than
S/MIME,
i.e. the concept of Web Signing?
What is this supposed
Ian G wrote:
Nelson Bolyard wrote:
Eddy Nigg wrote:
On 11/19/2008 05:52 PM, Anders Rundgren:
In the meantime, wouldn't it be of some value if Mozilla tried to
satisfy a PKI-
related activity that in number of users, already is much bigger than
S/MIME,
i.e. the concept of Web Signing?
What is
Ian G wrote:
Um. So these tools organise a signature from a client cert over the
text in the form text box, and then post the signature up to the server?
The crypto.signtext() function is given a text string, and the browser
UI pops up a dialog box that invites the user to read the text,
Responding to two at once!
Graham Leggett wrote:
Anders Rundgren wrote:
I also understand your worries regarding what to sign and I would
be very dishonest if I said I have solved it. In fact, my design
doesn't even address this issue (!) except that if of course builds
on the assumption
Ian G wrote:
OK, that's interesting but equally worrying that the business people
were asking that question, above all others. If so, this would suggest
to me that your business people had spent too long in the fluffy do
what lawyers say world, and had forgotten they had a business to run?
On Nov 19, 2:27 am, Eddy Nigg [EMAIL PROTECTED] wrote:
On 11/19/2008 01:59 AM, kgb:
Hi Kevin,
WISeKey has made some changes to its practices, since the last public
discussion period.
I'm glad to hear that! Can you point to what specifically has been
changed since then?
Probably the
Hi Eddy,
On Nov 19, 3:14 am, Eddy Nigg [EMAIL PROTECTED] wrote:
Frank:
TheWisekeycase could be where we might draw the line. Provided that
- there is a *good compelling reason* for using sub-ordinate
certificates in first place, limited to the domains under the control of
the owner (via
Graham Leggett wrote:
Ian G wrote:
Um. So these tools organise a signature from a client cert over the
text in the form text box, and then post the signature up to the server?
The crypto.signtext() function is given a text string, and the browser
UI pops up a dialog box that invites the
Ian G wrote:
This requires a client-certificate HTTPS connection to the webserver
to make it happen?
No, this can happen over an insecure http connection. The connection
between the browser and server has nothing to do with the
crypto.signtext() function.
Typically, you would probably want
Have you looked into this paper?
http://webpki.org/papers/wasp/wasp-faq.html
Unfortunately I believe there are too many uncoordinated views on this matter
to return a fruitful discussion but let me tell you how it works in Sweden: In
Sweden all the banks supply proprietary signature clients
Eddy Nigg wrote:
The Wisekey case could be where we might draw the line.
I'm not sure exactly which message (of mine or someone else's) you're
responding to.
In any case I don't think there's a bright line between the various
scenarios involving independently-operated subordinate CAs.
Ian G wrote, On 2008-11-20 07:53:
Graham Leggett wrote:
Having designed a system that includes web signing using
crypto.signtext() for an insurance company to handle claim approvals, I
can tell you that the primary question of the business people who used
the system was just what are we
On 11/20/2008 10:21 PM, Frank Hecker:
Eddy Nigg wrote:
The Wisekey case could be where we might draw the line.
I'm not sure exactly which message (of mine or someone else's) you're
responding to.
I refereed to the general discussion about sub roots.
In any case I don't think there's a
On 11/20/2008 06:34 PM, kb:
Probably the most important change in stated practice, is that it is
reflected that every CA is audited at least once annually. This is the
case for all active CAs.
Kevin, thanks for clarifying this. It indeed was one of the concerns
raised last time.
The
Ian G wrote, On 2008-11-20 06:04 PST:
Nelson Bolyard wrote:
Um. So these tools organise a signature from a client cert over the
text in the form text box, and then post the signature up to the server?
Well, I can only speak for what Mozilla browsers do. They generate a
document that
Hi Nelson, welcome to this fun debate :)
Nelson B Bolyard wrote:
Ian G wrote, On 2008-11-20 07:53:
Graham Leggett wrote:
Having designed a system that includes web signing using
crypto.signtext() for an insurance company to handle claim approvals, I
can tell you that the primary question of
Hi folks. I'm having some trouble using CERT_ImportCerts.
A minimal demo of the problem is at
http://kegel.com/cert-import-demo.cc
All this does is take a base 64 cert, decode it, and import it.
I have verified with the sequence
$ mkdir ~/.netscape
$ certutil -N
$ certutil -A -n foo -t p,p,p
On Nov 20, 4:23 pm, DanKegel [EMAIL PROTECTED] wrote:
First problem:
Decoding fails because NSSBase64_DecodeBuffer appears
to barf on the trailing ---END CERTIFICATE---.
Am I using this function properly? It seems to have
code to skip trailing garbage, but evidently it's
too fragile to
Wolfgang Rosenauer wrote:
Hi,
Hans Petter Jansson schrieb:
This database only fails to migrate if the target database was not
already created by another, successful merge, though.
I think you're saying that the failures only occur if the target (cert9)
DB doesn't already exist
On Nov 20, 6:14 pm, Nelson B Bolyard [EMAIL PROTECTED] wrote:
When I change the sample program so that cert_text no longer contains
the -BEGIN and -END lines, and so that the value assigned to
len no longer includes the trailing NUL character, then when I run
the program, it outputs:
Robert Relyea wrote:
Ken wrote:
2008/11/15 Robert Relyea [EMAIL PROTECTED]:
NZzi wrote:
Robert Relyea wrote:
NZzi wrote:
hi all:
I want to use private key to encrypt a message,
and decrypt with public key.
Are you encrypting data or a symmetric Key?
Most of
26 matches
Mail list logo