Re: Promote performance improvements from #559508 and #559510 to 3.12.10?

2011-04-07 Thread Robert Relyea
On 04/07/2011 04:50 AM, Ignatenko, Aleksey V wrote: Hi, My name is Aleksey Ignatenko, I'm software engineer at Intel. I want to suggest integrating two performance enhancements from the trunk to the 3.12 branch - for NSS users to see NSS performance improvement in the nearest release

Re: Importing GPG public and private keys in NSS

2011-03-28 Thread Robert Relyea
On 03/28/2011 05:32 AM, Superpacko wrote: On 23 mar, 14:40, Robert Relyea rrel...@redhat.com wrote: On 03/23/2011 06:24 AM, Superpacko wrote: Well, so I've been told that I should be able to extract the MPI as bytes and pass it to NSS since GPG original key format is PEM, I should be able

Re: Importing GPG public and private keys in NSS

2011-03-23 Thread Robert Relyea
On 03/23/2011 06:24 AM, Superpacko wrote: Well, so I've been told that I should be able to extract the MPI as bytes and pass it to NSS since GPG original key format is PEM, I should be able to use MPIs data as raw bytes. If it's really PEM (which should be a printable string), then you should

Re: PK11_DigestBegin vs MD5_Begin()

2011-03-23 Thread Robert Relyea
On 03/22/2011 10:20 PM, Crypto User wrote: For creating hash I found 2 sets of APIs . There seem to be different APIs. E.g CreateDigestContext(SECOidTag hashAlg) and PK11_DigestBegin related APIs in https://developer.mozilla.org/en/NSS/Cryptography_functions or MD5_Begin() and related hash

Re: Hashing function in NSS

2011-03-23 Thread Robert Relyea
On 03/23/2011 01:32 PM, Crypto User wrote: On Mar 23, 12:05 pm, Honza Bambas honzab@firemni.cz wrote: On 3/22/2011 10:29 PM, Crypto User wrote: Hi , I am trying to create APIS which will provide Hashing functionality to end user. I am using NSS to provide this on Linux. I was trying to

Re: Hashing function in NSS

2011-03-23 Thread Robert Relyea
On 03/23/2011 02:02 PM, Honza Bambas wrote: On 3/23/2011 9:32 PM, Crypto User wrote: On Mar 23, 12:05 pm, Honza Bambas honzab@firemni.cz wrote: On 3/22/2011 10:29 PM, Crypto User wrote: Hi , I am trying to create APIS which will provide Hashing functionality to end user. I am using

Re: S/MIME Encryption Certificate without email address

2011-03-22 Thread Robert Relyea
On 03/22/2011 02:23 AM, silent...@gmail.com wrote: Well, the reasons are at least obvious to us :) - the card is supposed to be in use for at least 5 years. Card owners (Health Care Providers in our case) should be able to use various email providers for exchanging medical reports. The email

Re: S/MIME Encryption Certificate without email address

2011-03-22 Thread Robert Relyea
On 03/22/2011 03:09 PM, silent...@gmail.com wrote: Thank you for the reply! On Mar 22, 7:00 pm, Robert Relyea rrel...@redhat.com wrote: Unless there is an authoritative way to bind the cert to a given email address, there is no way to use those certs for email. If you want email certs

Re: Importing GPG public and private keys in NSS

2011-03-18 Thread Robert Relyea
On 03/18/2011 08:06 AM, Superpacko wrote: On 17 mar, 18:35, Robert Relyea rrel...@redhat.com wrote: On 03/17/2011 11:33 AM, Superpacko wrote: On 17 mar, 15:20, Robert Relyea rrel...@redhat.com wrote: On 03/16/2011 01:54 PM, Superpacko wrote: Hi, I'm working on a software that uses GPG

Re: Importing GPG public and private keys in NSS

2011-03-17 Thread Robert Relyea
On 03/16/2011 01:54 PM, Superpacko wrote: Hi, I'm working on a software that uses GPG as a Key Manager but leaves the encryption operations to NSS. I'm having a hard time trying to figure out how to import GPG's public and private keys in NSS. GPG stores the keys in PKT_public_key and

Re: Importing GPG public and private keys in NSS

2011-03-17 Thread Robert Relyea
On 03/17/2011 11:33 AM, Superpacko wrote: On 17 mar, 15:20, Robert Relyea rrel...@redhat.com wrote: On 03/16/2011 01:54 PM, Superpacko wrote: Hi, I'm working on a software that uses GPG as a Key Manager but leaves the encryption operations to NSS. I'm having a hard time trying to figure out

Re: Need assistance - how can pwspec write key length be 0 after the client key exchange?

2011-03-15 Thread Robert Relyea
On 03/15/2011 02:50 PM, Gil Bahat wrote: Well, I didn't want to get much into the reasoning but then again I suppose I can't avoid it. For a short synopsis, I'd say I'm trying to write a mechanism similar to NSS key log mechanism. In more detail: You can see my project listed here:

Re: NSS in Summer of Code?

2011-03-02 Thread Robert Relyea
On 03/02/2011 03:28 PM, Wan-Teh Chang wrote: On Wed, Mar 2, 2011 at 3:23 AM, Gervase Markham g...@mozilla.org wrote: Usually, we prefer mentors to propose projects because then we know that the project is something the mentor is interested in mentoring, and we can assess the project as being

Re: Freezing and making available to js the mp_int bignum package API

2011-03-02 Thread Robert Relyea
On 03/01/2011 08:43 AM, Jean-Marc Desperrier wrote: Robert Relyea wrote: About the only use I could reasonable see for it would be to support PKCS #11 modules. The other use would be as an optimized base for a big num implementation, and that's what the original distribution says : ANSI C

Re: Freezing and making available to js the mp_int bignum package API

2011-02-28 Thread Robert Relyea
On 02/28/2011 09:03 AM, Jean-Marc Desperrier wrote: Hi, There was some talk last october about accessing the mp_int API from javascript, and so freezing it in order to make it available as a frozen API. We currently don't even expose the mpi API for good reason. About the only use I could

Re: J-PAKE in NSS

2011-02-28 Thread Robert Relyea
On 02/28/2011 08:20 AM, Jean-Marc Desperrier wrote: For context, from a message I wrote in last October : Given the number of protocols that include SRP (SSL/TLS, EAP, SAML), given that there's already a proposed patch for NSS (bug 405155, bug 356855), a proposed patch for openssl (

Re: TLS server keys in DNS: client policy proposal

2011-02-08 Thread Robert Relyea
On 02/08/2011 07:56 AM, Gervase Markham wrote: On 05/02/11 21:13, Nelson B Bolyard wrote: 2) After 14 years of working on SSL/TLS for browsers, I can tell you that browsers will all ignore the paragraph that says Clients SHOULD NOT allow users to force a connection I suppose that

Re: TLS server keys in DNS: client policy proposal

2011-02-07 Thread Robert Relyea
On 02/06/2011 09:11 AM, Zack Weinberg wrote: On 02/05/2011 02:55 PM, Eddy Nigg wrote: However probably the optimal approach will be CA issued certs in DNS that also make use of DNSSEC to validate the former (DV). Eventually I believe that this will emerge as the real improvement and most

Re: removing the certificate added with CERT_NewTempCertificate

2011-02-04 Thread Robert Relyea
On 02/04/2011 09:08 AM, PeachUser wrote: Hi , Can somebody please answer my question. It is really critical. Thanks On Feb 2, 12:41 pm, PeachUser anupama.jo...@gmail.com wrote: Hi, I want to build certificate chain using a certificate passed by user and some certificates which are already

Re: removing the certificate added with CERT_NewTempCertificate

2011-02-04 Thread Robert Relyea
On Fri, Feb 4, 2011 at 9:59 AM, Robert Relyea rrel...@redhat.com wrote: Hi, I want to build certificate chain using a certificate passed by user and some certificates which are already there in the certDB. I am using CERT_NewTempCertificate(certDB, certItem, NULL, PR_FALSE, PR_TRUE); to add

Re: Two-factor auth for Bugzilla

2011-02-02 Thread Robert Relyea
On 02/02/2011 04:48 AM, Gervase Markham wrote: On 01/02/11 23:03, Robert Relyea wrote: 1) use request/not require certificate. If a certificate is supplied, that will show up in the initial handshake. The certificate will tell the server which account and you can bypass login altogether

Re: Two-factor auth for Bugzilla

2011-02-01 Thread Robert Relyea
On 02/01/2011 12:02 PM, Marsh Ray wrote: On 02/01/2011 10:56 AM, Gervase Markham wrote: Dear crypto-hackers, Your thoughts on the following problem would be appreciated. Goal: fix bug 570252. Provide 2-factor authentication for some Bugzilla accounts.

Re: S/MIME encrypted e-mails

2011-01-31 Thread Robert Relyea
On 01/30/2011 03:04 AM, Nelson B Bolyard wrote: On 2011-01-30 02:30 PDT, Matej Kurpel wrote: On 30. 1. 2011 10:57, Nelson B Bolyard wrote: Yes, the P7M holds all those encrypted copies of the key that encrypts the main message, and of course, the ciphertext produced with that key, And cert

Re: Encoding and comparing certificates with NSS

2011-01-31 Thread Robert Relyea
Depends on what you're trying to accomplish, what question you're trying to answer. If the question is merely are these two certs identical then comparing both from stem to stern is a very good way. If you're trying to ask do these two certs identify the same subject, then you may need to

Re: Force usage of a certificate for client authentication

2011-01-26 Thread Robert Relyea
On 01/26/2011 04:38 AM, Martin Boßlet wrote: Hello, I'm facing this problem currently with Firefox (3.6.13 Linux): I want to authenticate to a server using TLS client authentication, so I imported a PKCS#12 file for this purpose. Unfortunately the certificate is from an internal CA that does

Re: Problems Building NSS on Mac OS X 10.6 (64-bit)

2011-01-24 Thread Robert Relyea
On 01/22/2011 04:58 AM, Kaspar Brand wrote: On 20.1.11 20:57, Robert Relyea wrote: On 01/19/2011 10:36 PM, Kaspar Brand wrote: That's certainly doable, but I don't think the NSS build system has support for building universal binaries (you'd have to fiddle with lipo yourself). I think

Re: NSS 3.12.5: Error '-8023' ... how to track it down?

2011-01-13 Thread Robert Relyea
On 01/13/2011 10:46 AM, Bernhard Thalmayr wrote: Hi again, today I built a debug version of NSS 3.12.8 (as I haven't found 3.12.9 yet) I wouldn't expect 3.12.9 to fix the problem, as you seem to be running into a unique issue. The issue is still there, but occurs much later than with

Re: NSS 3.12.5: Error '-8023' ... how to track it down?

2011-01-12 Thread Robert Relyea
On 01/12/2011 01:26 PM, Bernhard Thalmayr wrote: So here we go ... the PKCS#11 logger shows the following 331569088[1bd1610]: C_DigestUpdate 331569088[1bd1610]: hSession = 0x88 331569088[1bd1610]: pPart = 0x6e580a4 331569088[1bd1610]: ulPartLen = 70 331569088[1bd1610]: rv = CKR_OK

NSS 3.12.9 RTM Released.

2011-01-12 Thread Robert Relyea
Release notes are coming soon. The tag is NSS_3_12_9_RTM. bob -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: NSS 3.12.5: Error '-8023' ... how to track it down?

2011-01-11 Thread Robert Relyea
On 01/11/2011 12:51 PM, Bernhard Thalmayr wrote: Hi Wan-Teh, thanks for your reply. Will it be helpful to use the 'PKCS #11 Module Logger' before starting with 'printfs'? I tried that and get at least some output in the specified log. -Bernhard yes, that will tell you which PKCS #11

Re: NSS SoftToken Capabilities

2011-01-05 Thread Robert Relyea
On 01/05/2011 12:33 PM, Anders Rundgren wrote: Matej Kurpel wrote: On 4. 1. 2011 22:23, Robert Relyea wrote: On 01/03/2011 01:04 PM, Anders Rundgren wrote: Hi, I'm in the starting phase upgrading Firefox so that it can provision credentials in a way that banks and governments require

Re: NSS SoftToken Capabilities

2011-01-05 Thread Robert Relyea
On 01/05/2011 12:50 PM, Nelson B Bolyard wrote: On 2011-01-03 13:04 PDT, Anders Rundgren wrote: Hi, I'm in the starting phase upgrading Firefox so that it can provision credentials in a way that banks and governments require which among many things include E2ES (End-to-End Security) and

Re: NSS SoftToken Capabilities

2011-01-04 Thread Robert Relyea
On 01/03/2011 01:04 PM, Anders Rundgren wrote: Hi, I'm in the starting phase upgrading Firefox so that it can provision credentials in a way that banks and governments require which among many things include E2ES (End-to-End Security) and issuer- specified PIN-codes (or just policies

NSS meeting.

2010-12-16 Thread Robert Relyea
1. Oracle move: Tinderbox is up. Build machines are up. NISCC tests are running. Some test machines are still failing 2. NSS 3.12.9 There are 2 changes to be picked up before Friday. Alexi has some changes, but won't be ready until January. We'll release a 3.12.10 for Alexi's

NSS 3.12.9 release

2010-12-09 Thread Robert Relyea
NSS 3.12.9 schedule NSS 3.12.9 beta2 is tagged and in FF 4.0 Beta 8 Once our release build and release regression tests pass this build will be marked RC1. RTM will not be before 12/17. We'll know more on 12/16.

Re: Firefox forgets to C_CloseAllSessions and C_Finalize when closing it

2010-11-22 Thread Robert Relyea
On 11/20/2010 07:56 AM, Matej Kurpel wrote: On 16. 11. 2010 14:53, Matej Kurpel wrote: Hello, I am implementing a PKCS#11 module and have just implemented C_GenerateKeyPair. For this purpose, I have set up a html page with the keygen tag which sends the form data to my php script to write

Re: Plan B for J-PAKE in Fennec B3 / Firefox B9 -- exposing MPI to Firefox for one beta cycle

2010-11-18 Thread Robert Relyea
On 11/18/2010 03:08 PM, Brian Smith wrote: (Note that this is to: dev-tech-crypto) Short Version: We are looking at taking a private patch for one Firefox beta cycle in mozilla-central to export the MPI functions from FreeBL on all platforms in our private copy of NSS. Then, we could push

Re: Thunderbird can decrypt without private key?

2010-11-10 Thread Robert Relyea
On 11/10/2010 05:34 AM, Matej Kurpel wrote: Hello, I am implementing a PKCS#11 module for Thunderbird and I have stuck upon a weird behavior of Thunderbird. Let me explain: For the purposes of testing, I have created a second gmail account. I have also generated the keys and certificate for

Re: Thunderbird UnwrapKey on message decryption?

2010-11-01 Thread Robert Relyea
On 11/01/2010 12:33 AM, Matej Kurpel wrote: Hello, I am implementing a PKCS#11 module. Today I tried to send encrypted e-mail to my second gmail account, and it works perfectly (in fact, nothing is needed from my token to support this). However, when the message arrives and I try to read it,

Re: Importing a symmetric private key into NSS?

2010-10-29 Thread Robert Relyea
On 10/28/2010 11:39 PM, Deepak wrote: Hello, I've been trying to import an AES 256 encrypted RSA Private Key imported into NSS, to function as a PKCS 11 AES Secret Key Object (aka object class CKO_SECRET_KEY, key type CKK_AES), but have been unsuccessful. Confusion. Do you mean a pkcs

Re: Importing a symmetric private key into NSS?

2010-10-29 Thread Robert Relyea
On 10/29/2010 03:36 PM, Deepak Kumar wrote: Rob, thanks for the response. This is still a new domain for me, so undoubtedly I'm getting some terminology mixed up. Backing up, and to try and be clear, what I'm trying to do is import a symmetric AES encryption key into NSS. OK

Re: NSS certificate DB concurrency

2010-10-26 Thread Robert Relyea
On 10/25/2010 11:30 PM, James Yonan wrote: I'm trying to do a programmatic certificate import into Firefox 3.x using NSS_Initialize, PK11_GetInternalKeySlot, CERT_DecodeCertFromPackage, PK11_ImportCert, and CERT_ChangeCertTrust. I've seen various postings on this list in the past that seem to

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Robert Relyea
On 10/26/2010 08:52 AM, Marcio wrote: Hi there, Running certutil -U -d 'dir of db on my profile' I can not see the token and slot with my certificate. I´m using: a) certutil (compiled as WIN954_64 with MSVC9 64) b) SafeSign (aetpkss1.dll) (64 bits) c) Gemplus Smart Card Reader d)

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Robert Relyea
On 10/26/2010 12:06 PM, Marcio wrote: On 26 out, 14:41, Robert Relyea rrel...@redhat.com wrote: On 10/26/2010 08:52 AM, Marcio wrote: Hi there, Running certutil -U -d 'dir of db on my profile' I can not see the token and slot with my certificate. I´m

Re: JSS building error on Windows

2010-10-25 Thread Robert Relyea
9) cd jss../mozilla/security/jss 10) make results: Makefile:49: ../coreconf/config.mk: No such file or directory Makefile:69: ../coreconf/rules.mk: No such file or directory make: *** No rule to make target '../coreconf/rules.mk'. Stop. This seems a bit bizarre. If you built NSS from

Re: how to modify the absolute profile path in secmod.db

2010-10-25 Thread Robert Relyea
On 10/23/2010 02:36 PM, al...@yahoo.com wrote: On 10/12/2010 4:38 PM, Robert Relyea wrote: On 10/08/2010 10:58 AM, al...@yahoo.com wrote: I noticed when moving a profile that secmod.db retains the old absolute profile path (configdir='...') Is the path used for anything? Not by default

Re: Usage of FreeBL and FreeBL/mpi through JavaScript in Firefox 4 Sync

2010-10-21 Thread Robert Relyea
On 10/20/2010 05:13 PM, Brian Smith wrote: See https://bugzilla.mozilla.org/show_bug.cgi?id=601645. The following internal functions and data structures in FreeBL that would be used Firefox 4.0 Sync's J-PAKE implementation through JSCtypes (a mechanism for calling native code through

Re: Firefox Sync, Key Exchange/Entry, and FIPS (was Re: NSS linkage and FIPS-140 compliance for Firefox)

2010-10-21 Thread Robert Relyea
On 10/20/2010 06:29 PM, Brian Smith wrote: Brian Smith wrote: (Because of Firefox Sync, we are now always going to have crypto features that won't work in FIPS mode.) Sigh, ignoring FIPS mode in a feature, is usually a red flag. It means you are handling CSP's where you really

Re: NSS linkage and FIPS-140 compliance for Firefox

2010-10-20 Thread Robert Relyea
On 10/18/2010 05:06 PM, Brian Smith wrote: [I cannot participate in any legal discussions now. Please don't ask me questions about legal stuff.] We (Mozilla) are exploring some approaches to statically link NSS into Firefox to reduce dynamic linkage overhead caused by the NSS shared

Re: client-only support of DHE ciphers

2010-10-12 Thread Robert Relyea
On 10/11/2010 09:52 PM, Peter Djalaliev wrote: Hello, I've seen here: http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/388343d7bf3746c8/72fa1ee248ed91db?lnk=gstq=DHE#72fa1ee248ed91db and here:

Re: how to modify the absolute profile path in secmod.db

2010-10-12 Thread Robert Relyea
On 10/08/2010 10:58 AM, al...@yahoo.com wrote: I noticed when moving a profile that secmod.db retains the old absolute profile path (configdir='...') Is the path used for anything? Not by default. There are a number of parameters there, but when the applications initializes NSS, the values it

Re: Persisting symmetric/secret keys with JSS in FIPS mode

2010-09-24 Thread Robert Relyea
4) ??? Probably 4 - JSS experts are getting few and far between on this mailing list. ;( bob

Re: How to get personal certificate?(urgency)

2010-09-15 Thread Robert Relyea
On 09/15/2010 03:39 PM, Wei Deng wrote: I am Wei Deng working in mozilla China. Most Chinese e-banks support IE only, because they use MS' activex techs. We have cooperated with CCB(one of the biggest banks in China), and most work has been finished. Maybe it will be online as soon as

Re: NSS, P#11 and beyond...

2010-09-10 Thread Robert Relyea
On 09/10/2010 10:10 AM, Vasily Sakharov wrote: Hi Robert, By chance as I can see you are one of the most active gurus in both PKCS#11 and mozilla lists. BTW, thanks for your comments as to our GOST related addons into P#11 v2.30. Hereby I just wonder whom we have to be in touch as to

Re: signature verification. VFY_CreateContextWithAlgorithmID help

2010-09-08 Thread Robert Relyea
On 09/08/2010 05:52 AM, tedx wrote: On Sep 8, 3:09 am, Nelson B nel...@bolyard.me wrote: On 2010/09/07 17:08 PDT, tedx wrote: I've hacked up something to try but I've now encountered a compilation error that I don't understand. Has anyone else seen this? nss_signing.c: In function

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

2010-09-01 Thread Robert Relyea
On 08/27/2010 03:46 PM, Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). SSL 2.0 is an old and insecure protocol. No products should be using SSL 2.0 today. But removing the SSL 2.0 code from NSS has one major benefit to the continual

Re: Why does Softoken refuse to create keys with C_CreateObject in FIPS mode?

2010-08-23 Thread Robert Relyea
On 08/23/2010 12:00 AM, Brian Smith wrote: Nelson B Bolyard wrote: It's all about making it difficult enough that people start to ask why is this obviously more difficult than the casual developer thinks it must be? Thank you. That makes a lot of sense. My understanding is

Re: PKCS#11 module: C_GetAttributeValue problems

2010-08-13 Thread Robert Relyea
On 08/13/2010 05:37 AM, Konstantin Andreev wrote: On 08/13/10 04:44, Robert Relyea wrote: On Wed, Aug 11, 2010 at 1:18 PM, Matej Kurpel mkur...@gmail.com wrote: [ ... skip ... ] Later, thunderbird asks for its attributes CKA_TOKEN and CKA_LABEL but gives zero-sized buffers for both values

Re: PKCS#11 module: C_GetAttributeValue problems

2010-08-13 Thread Robert Relyea
Guys, I figured out that Thunderbird didn't like this assignment of CKA_TOKEN when assigning the values (with the buffers of right sizes already allocated): pTemplate[i].pValue = (CK_BBOOL *)TRUE; (but it compiled fine). I changed it to *((CK_BBOOL *)pTemplate[i].pValue) = TRUE; Oh, yes, The

Re: PKCS#11 module: C_GetAttributeValue problems

2010-08-12 Thread Robert Relyea
On 08/11/2010 09:53 PM, Wan-Teh Chang wrote: On Wed, Aug 11, 2010 at 1:18 PM, Matej Kurpel mkur...@gmail.com wrote: Hello, I am trying to implement a PKCS#11 module for my diploma thesis. It is intended to be used with thunderbird. I am using opensc pkcs11-spy module to debug it. I have

Re: Passing random numbers between tokens - what FIPS thinks ?

2010-07-23 Thread Robert Relyea
On 07/17/2010 04:13 PM, Nelson B Bolyard wrote: FIPS 140 will not allow *any* hardware pure noise source to be used by itself as a random number/bit source. Instead, such a source MUST be fed into a DRBG from which any internal random data is taken. Some of the FIPS 140 requirements are a

Re: Netscape Enterprise Server 3.63 2048 bit ssl cert

2010-07-23 Thread Robert Relyea
On 07/23/2010 12:41 PM, msg wrote: msg nos...@nospam.nowhere wrote in news:xns9dbd9d232636bnospamnospamnowh...@216.196.97.169: Greetings: The utility 'sec-key' bundled with Netscape Enterprise Server 3.63 only generates 1024 bit keys; finding a CA with good browser acceptance who will

Re: How to refresh Firefox keystore

2010-07-12 Thread Robert Relyea
On 07/05/2010 04:13 PM, james07 wrote: I notice the cert8.db and key3.db files get updated only when the JVM shuts down. That may explain why the new certificate doesn't show up. Is this (update of the db files) the expected behavior? It seems strange. Is there a way to commit the change?

Re: How to refresh Firefox keystore

2010-07-12 Thread Robert Relyea
On 07/05/2010 06:28 PM, Subrata Mazumdar wrote: I'm not sure about the current version (3.6) of FF, but earlier versions (FF 2.0 and 3.0), the key/certificate DB did not support multiple write interfaces i.e. DB write using one API does not get propagated to other API. As a result, keys/certs

Re: JSS in Firefox - loading applets over mutual SSL stopped working since the v. 3.6.x

2010-07-12 Thread Robert Relyea
On 07/12/2010 03:07 PM, Robert Relyea wrote: On 07/12/2010 01:25 AM, waldemar.ko...@max.com.pl wrote: Hi, upgrading to FF 3.6.x (latest checked - 3.6.6) causes Java applets to stop loading over mutual SSL connection. The same setup works correctly in FF version 3.5.3. I've tried

Re: How to refresh Firefox keystore

2010-07-01 Thread Robert Relyea
On 06/30/2010 10:47 PM, james07 wrote: Hi, I have an applet that uses JSS to import an RSA keypair into Firefox's keystore, as per the following code. CryptoManager.initialize(C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\y78kp7l6.default); CryptoManager

Re: PK11_CipherOp with RC4 and invalid memory access

2010-06-22 Thread Robert Relyea
Yes, it works correctly, so I assume that it doesn't use the extra bytes. It is however not just reading uninitialized memory (which valgrind usually tracks correctly), but it reads unallocated memory. It is also interesting that it doesn't read beyond the bounds for small sizes, so it

Re: PK11_CipherOp with RC4 and invalid memory access

2010-06-21 Thread Robert Relyea
On 06/19/2010 01:43 PM, Mads Kiilerich wrote: Hi I'm trying to port an application from OpenSSL to NSS. The biggest problem right now is that valgrind reports that NSS accesses invalid memory when using RC4. There is no problem with chunk sizes up to 8 and sizes divisible with 4, but for

Re: How pkcs#11 modules read the CONFIG_STRING from modutil -string command

2010-06-17 Thread Robert Relyea
On 06/17/2010 04:18 PM, Nelson B Bolyard wrote: On 2010-06-17 13:45 PDT, Klaus Heinrich Kiwi wrote: If I'm coding a PKCS#11 module, how exactly the -string parameter from modutil gets passed down to the library? i.e., $ modutil -add mylib -libfile /lib/mylib.so -string my conf string I

Re: (nss-3.12.6) unable to engage FIPS mode: security library: invalid arguments.

2010-06-14 Thread Robert Relyea
On 06/13/2010 05:24 PM, Robin H. Johnson wrote: On Sun, Jun 13, 2010 at 03:08:07PM -0700, Nelson B Bolyard wrote: On 2010-06-13 13:02 PDT, Robin H. Johnson wrote: On Sun, Jun 13, 2010 at 02:02:39AM -0700, Nelson B Bolyard wrote: The root of the problem is that the shared

Re: how to create a soft token using NSS?

2010-06-11 Thread Robert Relyea
Private Key and Certificate Services, then they will still be able to export their keys. bob I highly recommend familiarizing yourself with the PKCS #11 spec or none of the things I said will make sense. thanks. On June 11, 2010 at 12:34 AM, Robert Relyea rrel...@redhat.com mailto:rrel...@redhat.com

Re: Secret key creation with C_ObjectCreate

2010-06-01 Thread Robert Relyea
On 05/31/2010 02:02 AM, Sebastian Mayer wrote: Hi All, I'm having some difficulties in creating a simple AES key as follows: CK_OBJECT_HANDLE hKey; CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; CK_KEY_TYPE keyType = CKK_AES; CK_BYTE keyValue[] = { 0x01, 0x23, 0x45,

Re: NSS - signing with MAC

2010-06-01 Thread Robert Relyea
On 06/01/2010 07:47 AM, Konstantin Andreev wrote: Not a policy issue I suppose... Some days ago I have found that: No one block cipher MAC'ing mechanism is working in either current release or trunk NSS, in either mode. I've already investigated the issue and about to file a bug this or

Re: NSS soft token on a USB pen drive?

2010-05-26 Thread Robert Relyea
On 05/26/2010 06:57 AM, Bud P. Bruegger wrote: Hello everyone, I thought this was an FAQ but couldn't find anything searching around. I'd like to put my key3db, cert8db on a USB pen drive to have a portable soft token with some user certs that I can use from several PCs (work, home) that

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Robert Relyea
intent of a self signed and unknown certificate (i.e. is it legitimate, or a man in the middle) without any external help represents a failing is to show a pretty fundamental lack of understanding as to how this all works. Once again, I make no such claim. I said that if there is in

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Robert Relyea
On 05/21/2010 07:52 AM, Gervase Markham wrote: On 21/05/10 05:36, Matt McCutchen wrote: I'm not claiming that the user knows. I only said that if there is in fact no impersonation, then the error is a false positive. This seems a fine definition to me. If the browser says OMG - someone

Re: automatically deleting expired certificates..

2010-05-19 Thread Robert Relyea
On 05/19/2010 02:51 PM, Bud P. Bruegger wrote: Hello, I would like to ask your advice on how to best deal with a problem related to deleting certificates/keys. I'm currently experimenting with creating short-lived certificates for TLS-client-authentication using the keygen element. While it

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Robert Relyea
Check esp. section 7.6 So What Can We Do?. This paper is about a year old, and we discussed it here when it was now. My favorite quote: Given a choice between dancing pigs and security, users will pick dancing pigs every time. The quote above was taken out of context. The

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-04 Thread Robert Relyea
That results in 2 questions from me: 1. What is the criteria of NSS for distinguishing between own and others certificates? 2. I recently read that there is a hidden flag to mark a token implementation as friendly, allowing to search for certificates without logging in. Is there any

Re: dynamic library issue on linux

2010-04-28 Thread Robert Relyea
On 04/28/2010 03:37 AM, David Stutzman wrote: On 4/27/2010 12:32 PM, Nelson B Bolyard wrote: Hi David, Long time ... I've been lurking...I still read the messages almost every day. Nice to see you're still around as well. Are your newly built NSS shared libs in a directory in your

Re: dynamic library issue on linux

2010-04-27 Thread Robert Relyea
On 04/27/2010 09:32 AM, Nelson B Bolyard wrote: On 2010-04-27 07:07 PST, David Stutzman wrote: I just built nss-3.12.6 with the tarball from mozilla.org[1] and when I try to create a new DB using certutil -N -d . I get the following error. I'm running certutil out of the dist folder in

Re: NSS RSA Key Gen Known Answer Testing for FIPS Validation Question...

2010-04-15 Thread Robert Relyea
On 04/15/2010 03:58 PM, Saran wrote: I am trying to generate output response vectors for RSA Key Gen Known Answer test for our FIPS validation. I presume this is for algorithm certs (not the known answer power on self tests). The KeyGen RSA request file has input values like modulus, e,

Re: how to use own CRL_callback

2010-04-15 Thread Robert Relyea
On 04/14/2010 03:30 PM, huican wrote: Hello Bob, Thanks for your reply... I have more questions inline ; On Wed, Apr 14, 2010 at 5:15 PM, Robert Relyea rrel...@redhat.com wrote: On 04/14/2010 02:58 PM, huican wrote: Hello, I am new to NSS crypto, I just wonder whether

Re: how to use own CRL_callback

2010-04-14 Thread Robert Relyea
On 04/14/2010 02:58 PM, huican wrote: Hello, I am new to NSS crypto, I just wonder whether there is any easy way to use my own crl_callback function for CRL check. No, there isn't a callback, there is a verify function that allows you to control just about every possible semantic of

NSS Completes its 5th FIPS validation

2010-04-14 Thread Robert Relyea
The NSS team just completed its 5th FIPS validation with NSS 3.12.4. NSS again has been validated up to Level-2 on Solaris (#1279, sparc and x86), Level-2 on RHEL5 (#1280, 64 and 32 bit), and Level-1 on Mac and Windows (#1278). In 1997, NSS was the first software module to get FIPS Level-2

Re: Alerts on TLS Renegotiation

2010-04-08 Thread Robert Relyea
On 04/07/2010 09:35 PM, Nelson B Bolyard wrote: We plan on alerting users in a future update. This is fair warning to server operators and those who are debugging their sites. If this is a real threat don't users deserve a fair warning now? I fully agree! If users are

Re: Alerts on TLS Renegotiation

2010-04-01 Thread Robert Relyea
On 03/31/2010 05:26 AM, Eddy Nigg wrote: [ Please follow up to mozilla.dev.tech.crypto ] After some discussion at bug 554594 I'm following up here - the bug was unfortunately misused by me a little for the initial discussion. At https://wiki.mozilla.org/Security:Renegotiation under item 4.4

Re: NSS Newbie - FIPS Sample

2010-03-30 Thread Robert Relyea
On 03/30/2010 03:38 PM, rbellamy wrote: I apologize if this has already been covered, or if it falls under the umbrella of stoopid questions. I'm trying to work through the FIPS sample, and am having a difficult time. First of all, the includes call out to cryptoki.h, which doesn't seem to

Re: TLS logout in Firefox

2010-03-16 Thread Robert Relyea
On 03/16/2010 03:48 AM, Jean-Marc Desperrier wrote: Robert Relyea wrote: The crypto object offers a logout method that does it. http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsCrypto.cpp#2875 This will get Anders what he needs right now. (side effect, everything

Re: TLS logout in Firefox

2010-03-15 Thread Robert Relyea
On 03/11/2010 10:57 AM, Wan-Teh Chang wrote: 2010/3/11 Robert Relyea rrel...@redhat.com: The Microsoft thing is also non-standard. (and also not well documented -- which version of IE did it show up in?). I found it documented at http://msdn.microsoft.com/en-us/library/ms536979(VS

Re: Cipher not picked/enabled in a TLS session

2010-03-15 Thread Robert Relyea
On 03/15/2010 10:03 AM, Gregory BELLIER wrote: Robert Relyea wrote: In sslsock.c, I print ssl3_CipherPrefSetDefault and I can see that my cipher is not enabled. Do you have any hints/tests which could help me ? Some tests I could do ? What am I missing ? OK, this is your

Re: Replacing keygen - A really bad idea

2010-03-15 Thread Robert Relyea
On 03/12/2010 10:12 PM, Anders Rundgren wrote: Why is replacing the 15 year old Netscape hack suddenly a bad idea? Because you cannot create a secure provisioning system without having some kind of [by the issuer recognizably] predefined key in the token. With such a key, the token would be

Re: TLS logout in Firefox

2010-03-11 Thread Robert Relyea
On 03/11/2010 05:59 AM, Anders Rundgren wrote: Hi, I can't help it, but TLS client cert auth is really a very crappy system when used in browsers. I was a little bit surprised once when I logged on to the Swedish tax department, then did logout, and returned still being logged in!

Re: Cipher not picked/enabled in a TLS session

2010-03-11 Thread Robert Relyea
In sslsock.c, I print ssl3_CipherPrefSetDefault and I can see that my cipher is not enabled. Do you have any hints/tests which could help me ? Some tests I could do ? What am I missing ? OK, this is your overall problem. If NSS does not have a cipher enabled, it will neither advertise it

Re: Who is using NSS in their projects?

2010-03-08 Thread Robert Relyea
On 03/06/2010 02:00 PM, Nelson Bolyard wrote: On 2010-03-02 10:06 PST, davidwboswell davidwbosw...@yahoo.com wrote: I maintain a list of applications that use Mozilla technologies in their projects and wanted to add more examples of projects that use NSS.

NSS 3.12.6 is RTM.

2010-03-04 Thread Robert Relyea
The NSS team has just RTM'ed NSS 3.12.6. The primary feature of NSS 3.12.6 is support for the TLS Renegotiation Indication Extension, RFC 5746. Release notes are forthcoming with other additions and bug fixes. In addition, a new version of JSS has been released, JSS 4.3.2 which allows

Re: Support for CKA_ALWAYS_AUTHENTICATE

2010-02-04 Thread Robert Relyea
On 02/01/2010 02:09 AM, Helge Bragstad wrote: Hi, My understanding from previous postings on this list is that the CKA_ALWAYS_AUTHENTICATE + CKU_CONTEXT_SPECIFIC features of PKCS #11 are not supported in NSS. Is this likely to be implemented in the near future? Actually, that's not the

Re: Keys, Nicknames, and CK_Object_Handles

2010-01-28 Thread Robert Relyea
where the key is stored saved as well. The difference is CKA_ID is persistent across different program instances and CK_OBJECT_HANDLE is not. bob Thanks, Kai On Wed, Jan 27, 2010 at 8:40 PM, Robert Relyea rrel...@redhat.com wrote: On 01/27/2010 03:38 PM, Kai Chan wrote: Hi

Re: Keys, Nicknames, and CK_Object_Handles

2010-01-28 Thread Robert Relyea
On 01/28/2010 03:22 PM, Kai Chan wrote: Thank you for clarifying. I was trying to figure out the details from this portion in the PK11 FAQ (https://developer.mozilla.org/en/PKCS11_FAQ) : How is private key handled when an external PKCS #11 module is loaded? Is it picked up from the token

Re: Keys, Nicknames, and CK_Object_Handles

2010-01-27 Thread Robert Relyea
On 01/27/2010 03:38 PM, Kai Chan wrote: Hi, From what I gather, keys are generated with matching certificates. If you mean 'when keys are generated, they have matching certs', then the answer is no. Keys are generated bare. When the cert is imported, it 'latches' on to the keys that it's
