Hello everybody, I have a problem with certificate chains (I have been
exploring through the mailing list archives and i haven't seen it) sorry
if it is a repeated topic.
I have a PKI with 3 levels:
1. A root self-signed certificate at the first level
2. Sub certification authorities certified by
Hi!
To decrypt some ciphertext with the private key from a smart card I need to
unwrap the private key first with the following code:
rv = C_UnwrapKey(session,
wrapMech,
unwrappingKey,
wrappedKey,
wrappedKeyLen,
template, 4,
unwrappedKey);
We all know how sexy she can be!!
s4W,ob)PKnlw\7ujwwvD\^$kH;[EMAIL PROTECTED]
___
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
I've discovered bug 108021
http://bugzilla.mozilla.org/show_bug.cgi?id=108021
and the steps that have been taken so that NSS ignores next update when
checking a CRL.
I'm surprised the security implication of that were not taken more into
account before implementing it. I'm a bit shocked by such
Hi,
[EMAIL PROTECTED] wrote:
I have a PKI with 3 levels:
1. A root self-signed certificate at the first level
2. Sub certification authorities certified by the first one at second level
3. User certificates certified by second level authorities at third level.
That is a fairly typical PKI.
All
Is there a way to get PSM to make any use of the crl distribution point
(crldp) extension ?
How is it handled within NSS ? (I could check the source/doc. I will if
nobody feels inclined to respond)
___
mozilla-crypto mailing list
[EMAIL PROTECTED]
Jean-Marc,
Jean-Marc Desperrier wrote:
All in one, I don't think it's a good pratice at all not to include this
verification inside the crl check function.
There is no client that should have a need to continue to trust an
outdated crl.
It's standard practice that if the only available crl is
Jean-Marc,
Jean-Marc Desperrier wrote:
Is there a way to get PSM to make any use of the crl distribution point
(crldp) extension ?
How is it handled within NSS ? (I could check the source/doc. I will if
nobody feels inclined to respond)
Or you could type distribution point in bugzilla query