On 18/05/10 15:54, johnjbarton wrote:
I mean that starting a design from the point of view that the users have
faulty judgment will almost certainly lead to software that fails.
If users did not have faulty judgement, and always made correct security
decisions, then there would be no
Does your module attempt to force the user to (re)authenticate to it every
time it needs to use the private key?
Does it attempt to do this by (re)entering a read-only state such as
CKS_RO_PUBLIC_SESSION after it performs a private key operation?
If so, that's your problem.
The module enters
On 05/19/2010 07:44 PM, From Marsh Ray:
Perhaps one identifiable improvement here is that this ability to get
acceptable certs easily could be made more widely known?
Yes, perhaps...but it might be difficult for Mozilla to do so too
openly...not sure.
--
Regards
Signer: Eddy Nigg,
On 5/20/2010 4:28 AM, Gervase Markham wrote:
On 18/05/10 15:54, johnjbarton wrote:
I mean that starting a design from the point of view that the users have
faulty judgment will almost certainly lead to software that fails.
If users did not have faulty judgement, and always made correct
On Mon, 2010-05-17 at 13:25 -0500, Marsh Ray wrote:
Imagine how fast sites would fix their certs if the scary page proposed
keyword alternative sites that did not have cert issues.
You can't assume that it's the site's fault. A competitor could be
MITM-ing the connection and showing a bad
When
security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref
is off, Firefox will refuse to perform a server-initiated
renegotiation with a non-RFC-5746 server. What is the purpose of this
behavior? It doesn't mitigate the vulnerability because in the attack
scenario, the
On May 19, 11:28 am, Eddy Nigg eddy_n...@startcom.org wrote:
Well, just for the record, let's get this straight - there are no false
positives. I have NEVER encountered an error with a web site and there
was no reason for it. Either the certificate was not trusted or the
domain did not match or
On 05/21/2010 03:23 AM, From Matt McCutchen:
On May 19, 11:28 am, Eddy Nigg eddy_n...@startcom.org wrote:
Well, just for the record, let's get this straight - there are no false
positives. I have NEVER encountered an error with a web site and there
was no reason for it. Either the certificate
The way that commercial certifying authorities have gone about
things thus far is completely antithetical to how business is
transacted on the commercial internet. (hint: banks require *two*
forms of ID in order to open a bank account, and CAs provide only
*one*. How would you solve this
On Fri, 2010-05-21 at 04:02 +0300, Eddy Nigg wrote:
On 05/21/2010 03:23 AM, From Matt McCutchen:
On May 19, 11:28 am, Eddy Nigg eddy_n...@startcom.org wrote:
Well, just for the record, let's get this straight - there are no false
positives. I have NEVER encountered an error with a web site
When I hit reply the mozilla groups bounces my email, so replying off list.
m...@mattmccutchen.net wrote:
I'm not claiming that the user knows. I only said that if there is in
fact no impersonation, then the error is a false positive.
If you're going to redefine what a false positive is then