?
While my bug posting
(https://bugzilla.mozilla.org/show_bug.cgi?id=294730) was theoretical
but more then possible, at least 1 company that shows up in browsers
(and verified by webtrust) is actually doing it.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http
of
being CAs... or any for that matter...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net
and konqueror which we tend to get a lot of emails about, the
developers are aware of this (there is a bug request) however this isn't
one of the features they've back ported from the safari code (or made
their own version of)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http
-expensive program where they will embed
specific certificate extensions into their end-user/client certificates.
I'd go the self signed option or CAcert.org is also free...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164
as *.net. The list of these domains is pretty long and
isn't exactly static.
The point is, what if, especially if a country as big as china, or the
US, or any other number of countries for that matter applied pressure to
make it happen...
--
Best regards,
Duane
http://www.cacert.org - Free Security
in
human readable form at all via mozilla software...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
Duane wrote:
I should have expanded a little more on my point, I know for a fact a
lot of people don't book mark their banking URLs because they've been
told often/long enough to type the url in by hand to be sure they're
really connecting to the bank, these are people who aren't computer
for * what security benefit is there in seeing the host
name...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
bubble thing that pops up when
you mouse over the padlock showing any information including the CA
logo... Then of course it disappears the moment you move your mouse out
of that area of the screen.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com
Gervase Markham wrote:
It's possible that a version of petnames which was closely integrated
with the bookmark shortcut mechanism might work. I'd need to think about
it more.
And for those of us that don't book mark?
--
Best regards,
Duane
http://www.cacert.org - Free Security
Ram A Moskovitz wrote:
Duane - my sincerest apologies to you if I have offended you, it was
never my intent.
No apology necessary, I think I've grown scales at times at how little
offends me :)
Although I hope this discussion has given you a little more insight into
how others feel about
,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
Michael Vincent van Rantwijk wrote:
Think about the akamai mirrors for US sites for European contries.
Why can't they have their servers with unique host names?
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
could
be installed as well, so an end point compromised you're pretty much
screwed, they don't even go to the trouble of installing certs, they
just key log instead.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network
are speaking...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164
authority
Considering how little I think of our government when they bend over
backwards to accommodate the US government (That would be a no btw)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http
Ian G wrote:
I think Duane is in Australia. Are you saying
that he should be happy with any legitimate
request from the US government? Or are you
suggesting that the Australian Federal Police
could serve a warrant to Verisign in the US to
issue some certs?
The AFP wouldn't have to go to all
reasonable to whom, and which government can lie the most to get what it
wants... Healthy dose of cynicism? :)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications
, but good old caching engines :)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org
for a new country, any good ones with liberal laws? :)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net
certificate fingerprints changing, so if you want more information
about my political persuasions I'll be happy to continue this off list.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com
,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
, it was hastily marked as invalid.
http://blog.cacert.org/2005/05/43.html
http://bugzilla.mozilla.org/show_bug.cgi?id=294730
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications
regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk
Jean-Marc Desperrier wrote:
Duane wrote:
[...] in about 15 hours we've had 101 OCSP requests, by
27 clients, which totals 256kbytes. I'll post more on this as our
testing goes on if anyone is interested in some real world figures.
I like numbers, but the most important is to interpret
Ian G wrote:
So for us users, we should stick to using * as we still
have to deal with the majority of the world using IE.
(Duane, does that make sense to you?) I'm guessing
that IE isn't likely to implement | anytime soon.
For a number of reasons I don't think regexp hostname are a good
if for example someone
submits a certificate with multiple commonNames, we send them back a
certificate with no commonNames and a bunch of subjectAltNames, or
something to that effect.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think
have the required intermediate certs already
installed, so the admin of the web server will probably see instantly
that his config is wrong, and pay some more attention to the config page.
My concern here is more for client certificates which we actually issue
more of...
--
Best regards,
Duane
name, not any of the
subjectAltNames...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http
budgets and actually having paid employees
and all...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
Duane wrote:
Nelson B wrote:
Remember that a cert now contains a LIST of valid domain names.
So, if the browser were to display names from the list, which name or
names would it display?
Well neither does any warning message nor the certificate subject Alt
Name extension refer
Jean-Marc Desperrier wrote:
Duane, I downloaded your code and a quick check shows you do use openssl
to emit the certificate (the configuration file is not available in
thoses sources).
While we provide the source code for peer review, we aren't intending
for any download to be used beyond
and
love, this module can be a viable alternative to mod_ssl, but it is not
ready.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http
Nelson Bolyard wrote:
Duane wrote:
To stop people getting additional error messages I re-issued the
certificate with *.cacert.org and cacert.org as the SAN.
Congratulations! Looks like you have got it right now!
The biggest problem I have with openssl is the same problem a lot of
FOSS
Nelson Bolyard wrote:
Yes, however, the RFCs are your friends.
The beautiful thing about standards, is that there are so many to choose
from!
OpenSSL uses DNS:hostname the RFC states dNSName:hostname...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http
and sign certificates with SAN extensions...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net
Jean-Marc Desperrier wrote:
Duane wrote:
The gain is in the potential to notice revocations sooner with OCSP, CRL
might have a 7 day TTL/cache time-out, in 7 days a lot of issues can
arise, so being about to check OCSP hourly or even more often has the
potential to notify you that something
Ian G wrote:
On Thursday 12 May 2005 08:38, Duane wrote:
Ian G wrote:
Further, it turns out that Apache does not have the
code to deal with the client helo server name indication.
As you can see from the discussion from today/yesterday out MSIE/Firefox
both support subjectAltName properly
Duane wrote:
Excellent news... I'm hoping that you write this up
in your VhostsTaskForce page so I can try it out.
Someone just sent me a perl script to generate the openssl.cnf file to
include subjectAltNames etc...
http://wiki.cacert.org/wiki/VhostTaskForce
Scroll to the bottom of the page
Jean-Marc Desperrier wrote:
Duane wrote:
The gain is in the potential to notice revocations sooner with OCSP, CRL
might have a 7 day TTL/cache time-out, in 7 days a lot of issues can
arise, so being about to check OCSP hourly or even more often has the
potential to notify you that something
no
connectivity...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164
on my todo list needing to be done
(both paid and unpaid)... Not to mention the fact I'm still trying to
find an OCSP responder that works 100% of the time within the CAcert
frame work...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think
Jean-Marc Desperrier wrote:
Duane wrote:
Duane wrote:
PS I've setup https://cacert.org and loaded with every combination of
subjectaltname I could think of and find off the net, hinted at,
thought of, tried and cacert.org fails to be matched by both MSIE
and firefox...
Ummm PS I finally found
on how things should be handled...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org
Duane wrote:
the common name on the certificate is: *.cacert.org
the subjectAltName is: cacert.org
To stop people getting additional error messages I re-issued the
certificate with *.cacert.org and cacert.org as the SAN.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
often has the
potential to notify you that something is a miss much sooner...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au
,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
to recognise the OID, MSIE does recognise it as
SubjectAltName but fails to match...
We've been working towards setting up a bunch of host names etc and
trying to test what browsers support what properly or otherwise...
http://wiki.cacert.org/wiki/VhostTaskForce
--
Best regards,
Duane
http
Duane wrote:
In theory you should be able to use AltSubjectName to specify multiple
domains/hostnames on the same certificate request, however in testing
firefox doesn't seem to recognise the OID, MSIE does recognise it as
SubjectAltName but fails to match...
PS I've setup https://cacert.org
Duane wrote:
Duane wrote:
In theory you should be able to use AltSubjectName to specify multiple
domains/hostnames on the same certificate request, however in testing
firefox doesn't seem to recognise the OID, MSIE does recognise it as
SubjectAltName but fails to match...
PS I've setup https
all most people using PGP are early adopters/tech heads
which are likely to be a little smarter then the average user, and so
the yield would be minimal due to common sense of the demographic rather
then sophistication of the technology.
--
Best regards,
Duane
http://www.cacert.org - Free
(anyone have any lying around?).
Ummm since Verisign offers sub-root certificates to enterprise, wouldn't
that number be a best guess based on how truthful/accurate businesses
have been with Verisign?
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http
vetting everyone
that wants a code signing certificate, and all the fun that goes with it...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http
thought might interest
you... http://blog.cacert.org/?p=30
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
to obtain the later
without resorting to traffic interception.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your
...
Assumptions are the mother of all [EMAIL PROTECTED](k ups..
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos
of information about me, the most
obvious of course is the Chinese governments great firewall of china...
In which case neither blindly accepting fingerprints or petnames will
actually prove you're talking directly to the server you think you are...
--
Best regards,
Duane
http://www.cacert.org
regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk
Ian G wrote:
How much does Opera charge?
I heard figures of anywhere between $150k and $300k depending who was
telling the story, although we have never had any replies from Opera on
this, or anything else for that matter...
--
Best regards,
Duane
http://www.cacert.org - Free Security
[EMAIL PROTECTED] wrote:
the browser trust the issuing CA of the responder cert - without any
change in behavior.
Is the cert flagged to be a ocsp cert?
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http
Frank Hecker wrote:
can alert people when they visit a new SSL site they haven't been to
before (e.g., a phishing site that purports to be the banking site they
visit regularly). For the record, I think this proposal is worth
considering.
So even more annoying messages that people will end up
Frank Hecker wrote:
Duane wrote:
Frank Hecker wrote:
can alert people when they visit a new SSL site they haven't been to
before (e.g., a phishing site that purports to be the banking site
they visit regularly). For the record, I think this proposal is worth
considering.
So even more annoying
After a company starts offering services to debt collectors to fake
their caller ID, I so didn't see this being abused :)
Oh and it doesn't look like attacks are moving to SSL any time soon...
.
flaws writes A CNN story details how phishers are using Internet Phones
to expand their identity
Ian G wrote:
Of if you were the Chinese government intent on tricking your dissident users into revealing themselves?
No way in hell I'd trust PKI if I were a chinese dissident :)
Actually it makes me doubt how much it can be trusted for anything more
then protecting passwords on email, and even
anyone else see this pdf?
http://eprint.iacr.org/2005/067.pdf
___
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
Duane wrote:
anyone else see this pdf?
http://eprint.iacr.org/2005/067.pdf
more...
http://www.win.tue.nl/~bdeweger/CollidingCertificates/
___
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
Ian G wrote:
At least, that is my understanding - did you see any
different?
I think I misread the implication...
___
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
Ian G wrote:
Pharming consists in the name resolution system modification, so that
when a user thinks he or she is accessing to bank's web page, he or she
is actually accessing the IP of a spoofed site.
As far as I can tell there is 2 entry points here... (points out the
obvious) firstly
Nelson B wrote:
The wrong error code is being given, and NSS should be changed to
give the right error code, which should be SEC_ERROR_BAD_KEY, -8178,
Peer's public key is invalid..
Thanks, I've let the guy know...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
out the next message right away, and not
keep you all in suspense :-)
I'll save comment for your third email...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications
currently dealing with it...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org
or only RSA?
https://svn.wanda.ch is the website...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
Ian G wrote:
Can you ask these people for me why they are using
CA signed certificates? If they are abusing the PKI,
Because they don't want their clients or themselves being bombarded by
annoying popups that the certificate isn't trusted...
--
Best regards,
Duane
http://www.cacert.org
effects the
ability for real people to have privacy, it won't stop determined
attackers...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http
of marketing which only confuses the situation much
worst...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
in a single
use policy like you are describing?
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
, after all
how many users even realise about webtrust or CAs unless they need a
certificate? All the end user sees is the browser says there is a lock
so they must be trustable...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally
Petar Popara wrote:
While there is plenty of built-in CAs giving free certs away for email
Who is giving away free certs for e-mail? I'd like to take one.
http://www.CAcert.org :P
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com
Ian G wrote:
The intention is to secure a low value cert, not to make
it invulnerable.
I suggested this and no matter what I replied with you seemed to think
it was impossible to do (as did Nelson for other reasons)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
...
Personally I have a number of domains I bought purely for email reasons,
and while it's not impossible to get a temporary site up, will everyone
else be in the same boat? What about the cheap email hosting deals but
they don't come with a website?
--
Best regards,
Duane
http://www.cacert.org
Ian G wrote:
Duane wrote:
The only issue with Ian's suggestion about probing a website/screen
scraping then is for the domains people only use for email or what not
and don't run websites, or run internal sites that are password
protected from the outside world...
Ah, to clarify, I
on a fake host). It would be a really nice
privilege escalation.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos
certificate finger prints and do warnings if they change, or
allow the new finger print to also be added to the plug-in database as
also acceptable...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http
, or a combination of both... PS see my other
reply as to you other points (my apologies for referring to you as
Julian, I should check next time :)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http
Ian G wrote:
Duane wrote:
Ignoring the main interface, how hard/easy would it be to do something
like this as a plug-in instead?
I guess that's what TrustBar does. Personally,
I think that is non-optimal, I don't like the idea
of plugins fiddling around with the keys and
the various
much?
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164
)
need for their programs.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org
then
better planning to make everyone's lives a little easier.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your
by themselves aren't in most cases unique, unless you're refering
to some abstract suggestion of making them unique some how, such as a
combination of name + email address, or name + email + govt ID #...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com
registrars send
passwords, changes to your domain name in plain text emails...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au
size fits all, and binary security
sucks and has no hope of representing this... I don't think sticking a
logo on the chrome will fix this issue either...
Nelson pointed out how bad email verification is, but what if that's all
you can prove?
--
Best regards,
Duane
http://www.cacert.org - Free
?
Binary security can't deal with both situations simutaniously and
adequately, it needs to indicate visually the level of security...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com
traffic with a different key and unless you dig into the SSL dialogs you
virtually can never tell if anyone is proxying your traffic or not...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http
, this is
good for credit cards, this is somewhere in the middle of them both...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell
of birth, names,
and govt issued photo IDs are checked in person etc...
Final class is those that want code signing, not only do they need at
least 2 others to verify their ID, but they need to have a copy of their
govt issued ID on file with CAcert...
--
Best regards,
Duane
http
tried to apply a 1 size
fits all system to the world over.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over
as either on or off, I disagree with
the whole binary security thing, security isn't binary, it's a whole
bunch of grey...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications
Nelson B Bolyard wrote:
A few more voices supporting that idea would help. As long as you
guys keep trashing the value of certs, as you do (you know who you
are), I doubt the situation will improve.
Since spyware is being signed that's supposed to make it ok?
--
Best regards,
Duane
http
,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
1 - 100 of 209 matches
Mail list logo