(please send follow-ups to mozilla.dev.tech.crypto)
Brian has in the past discussed proposed updates to NSS that would allow
us to penalize bad CA behavior by removing trust of all certs from a
given CA that were issued after a given date (or even for X amount of
time after a given date).
On 19/02/12 04:30, Jan Schejbal wrote:
A different interesting approach for a punishment could be removal of
the ability to create Sub-CAs. This would not put a CA out of business
like other solutions, but hurt it and most importantly, remove an
extremely risky ability.
This could probably be
On 2/18/12 11:30 PM, Jan Schejbal wrote:
Am 2012-02-19 02:46, schrieb Stephen Schultze:
Brian, any thoughts on this? Is this something we should be holding out
for, or should we look to other approaches?
A different interesting approach for a punishment could be removal of
the ability to
I would like to know the rough workflow to verify a certificate
against a user-supplied root store. Specifically, what NSS functions
would one use for that purpose? I have looked at various headers
(nss.h, cert.h, pk11pub.h, etc.) and searched the web for usage
examples, but could not stich
I've been trying for quite a while to figure out how to sign a digital
object using JSS in FIPS mode with a keypair imported from a PKCS12
file into the JSS/NSS databases. Unfortunately, I cannot get it to
work, as anything oriented to getting the private key available for
signing returns null
While doing SSL handshake my code returns the Data transfer
interrupted error. I must say that the socket library that I have
doesn't have a non blocking recv.
What I observed with the SSL trace logs from my Windows code is as
follows:
1. Socket thread keeps sending GET requests
2. nsSSLThread
6 matches
Mail list logo
