Re: Where to store client PEM certificates for an application

2009-01-02 Thread Michael S. Zick
On Thu January 1 2009, Victor Duchovni wrote: On Thu, Jan 01, 2009 at 06:26:49PM -0800, David Schwartz wrote: Edward Diener wrote: 1) You need someone to confirm that having a client use a known-compromised private key to authenticate over SSL is no worse than the client

Re: Interesting article

2009-01-02 Thread Dan_Mitton
What is to prevent someone from forging a root CA and then creating intermediate certificates signed with SHA1, based on the forged root CA?

RE: FIPS_mode_set(1) call Fails

2009-01-02 Thread Chikkanagappa, Manjula
Hello, I am using static FIPS modules on Windows XP 32 bit. I am trying to link with my application. I am following the command in User Guide 1.2 for static linking. perl util\fipslink.pl /nologo /subsystem:console /machine:I386 /out:out32\md2test.exe /ENTRY:main What does the /out: option mean? What

Re: Interesting article

2009-01-02 Thread Kyle Hamilton
The fact that root certificates are NEVER trusted, under X.509, unless they're already in the client store (or are added as a specific security exception). These are a special class of certificates called trust anchors (technically, the trust anchor is the public key; the certificate is the thing

Re: Interesting article

2009-01-02 Thread Victor Duchovni
On Fri, Jan 02, 2009 at 07:41:25AM -0800, dan_mit...@ymp.gov wrote: What is to prevent someone from forging a root CA and then creating intermediate certificates signed with SHA1, based on the forged root CA? The verifiers (e.g. web browser applications) don't have the forged root CA in their

Re: Interesting article

2009-01-02 Thread Goetz Babin-Ebell
dan_mit...@ymp.gov wrote: | What is to prevent someone from forging a root CA and then creating | intermediate certificates signed with SHA1, based on the forged root CA? Nothing. Now his problem is to get the users to include it into their list of

Re: How to check if the certificate is self signed

2009-01-02 Thread Taras P. Ivashchenko
Victor, thanks for the answer! I will try to develop it. On Fri, Jan 02, 2009 at 02:05:10AM +0300, Taras P. Ivashchenko wrote: Hello, list! I found in the archive [0] a discussion about how to check if a certificate is self-signed. But I can't find there a solution for how I can do it from

Re: Interesting article

2009-01-02 Thread Kyle Hamilton
The security model is already broken-by-design because there is only a single padlock icon in the UI of most browsers -- there is no way to differentiate the different types of things (not 'technical key usages', but 'what do I trust the entity I associate the key with for?') in the UI. I'm

Re: Interesting article

2009-01-02 Thread Thomas J. Hruska
Kyle Hamilton wrote: The fact that root certificates are NEVER trusted, under X.509, unless they're already in the client store (or are added as a specific security exception). These are a special class of certificates called trust anchors (technically, the trust anchor is the public key; the