On 081018 at 20:30, Nelson B Bolyard wrote:
FF3 had utterly failed to convey to her any understanding that she was
under attack. The mere fact that the browser provided a way to override
the error was enough to convince her that the errors were not serious.
I find it amazing that someone
On 071216 at 01:50, Nelson Bolyard wrote:
Steffen Schulz wrote, On 2007-12-12 10:34:
On 071209 at 03:55, Nelson Bolyard wrote:
If FF doesn't have any built-in UI for SRP, I think I have a harder time
justifying the inclusion of SRP in NSS. I think it's a feature that
would be included
Hi,
On 071213 at 16:30, Michael Ströder wrote:
Steffen Schulz wrote:
SRP is a great protocol also for authentication against your email
provider or WLAN[1] access point.
[..]
That said, I agree that web-authentication is the major use case for
TLS-SRP in NSS.
Hmm, without having
On 071209 at 03:55, Nelson Bolyard wrote:
If FF doesn't have any built-in UI for SRP, I think I have a harder time
justifying the inclusion of SRP in NSS. I think it's a feature that
would be included exclusively for use in the browser, so if the browser
can't use it out of the box, there may
Hi all,
I was hoping for some feedback on bug 405155, which adds support for TLS-SRP.
Are the core devs that busy right now?
(I also thought subscribing to this list would enable me to follow the
current development around nss/psm. Do you just use bugzilla?)
regards,
steffen
--
Bildet
On 070825 at 02:10, Nelson B wrote:
IIRC, the problem is not DSA but rather DHE. NSS does not presently
support any DHE cipher suites on the server side, and it so happens
that all the DSA cipher suites are also DHE cipher suites. IIRC,
the missing code is not for DSA but for DHE. The issue
On 070824 at 03:20, Wan-Teh Chang wrote:
Is usage of DSA-suites disencouraged? How can I test them?
No, the use of DSA ciphersuites is not discouraged. But we haven't
implemented DSA ciphersuites on the server side. They are only
implemented on the client side. I believe this is the
On 070824 at 16:47, Wan-Teh Chang wrote:
On 8/24/07, Steffen Schulz [EMAIL PROTECTED] wrote:
Yes, most of the missing code is in the SSL library. There is a
work-in-progress patch in the bug report for this feature:
https://bugzilla.mozilla.org/show_bug.cgi?id=102794
I see.
No, I'm
On 070824 at 03:20, Wan-Teh Chang wrote:
Is usage of DSA-suites disencouraged? How can I test them?
No, the use of DSA ciphersuites is not discouraged. But we haven't
implemented DSA ciphersuites on the server side. They are only
implemented on the client side. I believe this is the
Hi,
I want to test DSA ciphersuites, but 'server' and 'selfsrv' seem to be
unable to handle them.
I changed the source to enable some TLS-DSA suites but it seems
the ssl library is not being supplied with a valid certificate.
I created the dsa certificates with:
openssl pkcs12 -export -in
Hi all,
I'm currently implementing draft-ietf-tls-srp-13 in NSS/SSL.
I did not find suitable test programs. I mean something like openssl
or gnutls-cli. It seems I would have to dig through the test shell
scripts and programming examples to find or program such a tool and
make it find the nss
On 070204 at 16:00, Ben Bucksch wrote:
In private discussion, Eddy of StartCom suggested SSL CA certs for
* internal sites (company webmail/IMAP, VPN etc.)
* private discussion (blogs, forums, chat)
* generally everything where you supply a login/password.
I think other solutions
12 matches
Mail list logo