and we should have a friendly script or cookbook for this available
somewhere. Fixing this will relieve you guys of answering all these
inquiries via email.
TinyCA has, so far, sufficed for my modest needs.
http://tinyca.sm-zone.net/
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
the certificate has
changed, a system supporting certificate pinning will warn you.
I believe this is what the Certificate Patrol plugin for Firefox is
doing, if you want to see it in action.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking
.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Or 'mount -o umask=077' I think.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
for next
year.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is intuitive he
means the exact opposite.
to be run by something like inetd).
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is intuitive he
means the exact opposite.
-signed cert.s would pass the
audit, but your CA doesn't have to work that way.
The question then is whether the ability to issue EV cert.s yourself
is worth the effort and expense of doing it properly.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor
to get in.
Meaning the world will be effectively, totally disarmed.
So long as *none* of the parties fix their clocks first. We must not
have a clock-width gap! :-)
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is intuitive he
application
cares. Same with using the password 'password'.
:-O Do they leave a key under the doormat, too?
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Friends don't let friends publish revisable-form documents.
On Tue, Feb 24, 2009 at 03:11:29PM -0800, John Oliver wrote:
On Tue, Feb 24, 2009 at 03:48:21PM -0500, Mark H. Wood wrote:
I don't think Sun keytool will do this step. You can export
certificates but not private keys -- at least, I've never found a way
to move private keys in or out using
On Tue, Feb 24, 2009 at 03:17:52PM -0800, John Oliver wrote:
On Tue, Feb 24, 2009 at 03:48:21PM -0500, Mark H. Wood wrote:
On Tue, Feb 24, 2009 at 08:02:30AM -0800, John Oliver wrote:
10. Right click on the displayed keypair and Rename it to 'key'
-changealias -alias OLDNAME
That's a Layer 1/2 issue. Perhaps you mean RFC 3514?
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Friends don't let friends publish revisable-form documents.
is doing strategic positioning that AMD is not.)
That's smart of Intel. But again, if AMD have released spec.s under
liberal terms then maybe they think they *are* positioning their
product, and nobody has picked up on it yet.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Friends don't
if it does
not model the problem that the code is intended to solve.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Friends don't let friends publish revisable-form documents.
not, and it is precisely that knowledge
which gives documentation much of its value.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Friends don't let friends publish revisable-form documents.
don't have to make practical
sense, so long as they make educational sense.
Anyway, when did anyone pass a law that says requirements have to
be sensible? :-)
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Friends don't let friends publish revisable-form documents
they slather onto the EULA. We should all check
and tune our browsers' trust lists. (No, I haven't.)
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Balance your desire for bells and whistles with the reality that only a
little more than 2 percent of world population has broadband
not to use such a tool, you may learn some useful
things by studying the code.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Balance your desire for bells and whistles with the reality that only a
little more than 2 percent of world population has broadband.
-- Ledford and Tyler
the randomness of a single
sample? 1 is every bit as random (or nonrandom) as
0xdcb4a459f014617692d112f0942c89cb.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
that provides locking?
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Ah. I did not understand that referenced by browser vendors meant
we were talking about inclusion in their canned trust stores. Thanks,
both of you.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart
that
remains is which Root CA. That can only be done by reading the
certificate hierarchy that is presented by the bank's server, which it
should provide you upon making an s_client connection.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient
.
Better to say: if users canNOT manipulate the root certificate store,
then it would be impossible to trust anything. The whole point is
*my* trust. (And yours.)
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people
3.00.0(1)-release and it works just
fine:
mhw:~$ openssl req -text -noout ny.req
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=NY, L=New York
etc.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says
this decision to the builder.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is intuitive he
means the exact opposite.
me to trust this object.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is intuitive he
means the exact opposite.
Is there a built-in command in the openssl utility which can verify
that a private key and a certificate represent a valid keypair? Or is
there some simple way to determine this using other built-in commands?
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software
I went to www.microsoft.com and searched for IIS install
certificate. The first hit led me to:
http://msdn2.microsoft.com/en-us/library/ms751408.aspx
with step-by-step instructions. (Ignore the leading part about
'makecert', of course -- you already have a certificate.)
--
Mark H. Wood
agree that it takes careful
attention to detail if it is to be secured.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is intuitive he
means the exact opposite.
be NO. It truly doesn't
matter whether you made a new certificate or updated the old one,
because in either case you must distribute it again in a trustworthy
manner or nobody will trust it.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product
a field described as a serial
number and ask why it isn't behaving properly. It's too bad the standard
calls this attribute a serial number rather than, say, certificate
unique identifier, but the term is fixed now.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Open-source
appropriate substitutions from the form
data? Or if your form processor isn't a convenient place to do this, you
could fork a command that pipes the template through e.g. sed.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product
many more yet to be discovered.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.
__
OpenSSL Project http
*both*, note a discrepancy, yell bloody murder! and ask the
user for a decision.
If I've misunderstood the problem, what would you recommend I read?
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Open-source executable: $0.00. Source: $0.00 Control: priceless!
in determining the kind of identity you
want to prove. The same is true of X.509 or OpenPGP certificates, or
really any other identifier. It's always necessary to decide what it is
you want to know, before accepting something as identification.
--
Mark H. Wood, Lead System Programmer [EMAIL
ht to move to [EMAIL PROTECTED] or
comp.security.ssh .
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
2000-05-05 13:27:15 GMT -- still no icebergs in the White River
for secure communication.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Make a good day.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
reflector to *add*
this header, and I appreciate the service.
Besides, I'm getting a nice list of virus-scanner companies that don't
know how to write proper autoresponders. :-/
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Make a good day
.
Anybody know whatever happened to the Dragon graphics chip?
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Make a good day.
On Wed, 22 Aug 2001, Caliban Tiresias Darklock wrote:
> Just out of curiosity, why are attachments allowed on the list in the
> first place? Is there any legitimate reason for it?
Well, why not? Is there any legitimate reason *not* to?
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED
look through the stuff that 1.1 is
known to break and see if I can safely upgrade. (Then I'll have to tweak
ssh)
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Please, no more software products offering a "richer experience"! I have
indigestion of the brain already. Give
in writing? It is difficult to get telephone conversations
into court. Each party contrives to remember them differently.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Please, no more software products offering a "richer experience"! I have
indigestion of the brain alre
ir license until then.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Definitely NOT a lawyer.
that a certificate
asserting that it belongs to B was in fact issued to B, other than to trust
that A has diligently investigated the requestor's claims and met our
standards for establishing that that person is in fact B?
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
"Where's the k
re
channel to an unknown endpoint. Do lots of people really believe that it
means any more than that? That is frightening.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
"Where's the kaboom? There was supposed to be an Earth-shattering kaboom!"
-- Marvin Martian,
be informed that IDEA is to be ignored?
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
2000-05-05 13:27:15 GMT -- still no icebergs in the White River
. An eight-bit
signed value of -2 would be 254 if interpreted as unsigned.
I can recommend Olivier Dubuisson's book on ASN.1, but my copy is at home
now so I can't refer to it.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Make a good day
something off the shelf, slam it in, do five minutes of cookbook
setup, and forget it ever happened. It's much harder to find books which
promote actual *understanding*.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Our lives are forever changed. But *that* is exactly as it always
procmail
3.14 to be sorted into various mailboxes, and is read using pine 4.33.
Here some posts are multiplied up to five times, and some are not. That
suggests a gateway which is common to some, but not all, posters.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Our lives
for daring to call themselves Yoga Inside, on the (ludicrous
IMHO) grounds that that name harms their trademark.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user
* compatibly installed on one box.)
IIRC the Ethereal folk have also run up against this problem.
I'm not asking for anything at this time; I just wanted to provide a
couple of data points.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only
thought of that, and it sounds like fun too.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.
On Tue, 14 May 2002, Franck Martin wrote:
[snip]
> Who can't see that this message is digitally signed and do you know why?
I can see that it is signed, but pine doesn't know what to do with an
Application/X-PKCS7-SIGNATURE bodypart.
--
Mark H. Wood, Lead System Programmer [EMAIL
with OpenSSL_ when it
comes out, though.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.
in a
pretty package so that you can just push a few buttons and have a private
CA ready for use. OTOH OpenSSL lets you see what it is doing, and it's
flexible enough to do a lot more than just issue magic numbers.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly
which is statically linked with code from the library archives
will need to be rebuilt before it can use the updated libraries.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user
or I am the person X named in Y's will.
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.
in
openssl.cnf file as a comment?
Second the motion. Also, openssl.txt is a rather obscure name
considering that the document is narrowly focused on two aspects of the
package. Shouldn't it be split into X509V3-extensions.txt and
PKCS12-library.txt or something like that?
--
Mark H. Wood, Lead
that worries you.
5. Goto 3.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
\applause all around!
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
> And unless some or all of the browsers also apply these requirements to
> private CAs, you’re not forced to follow them all.
How does one mechanically distinguish public vs. private CAs?
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Ind
much experience that a file
named CHANGES contains *all* of the changes, while a file named
RELEASE_NOTES includes selected changes of particular significance.
It's confusing to call a release-notes file CHANGES.
Appending a note that, for a full change log, [DO THIS], would probably
be well recei
n another question: do
you regularly review the package manager's default cipher list, and
have reason to trust it?
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.
ttps://github.com/openssl/openssl/issues/14570
>
> Unfortunately it was not implemented in time for beta1 so this is now
> Post 3.0 item.
>
> I would recommend explicitly setting security level 0 via a cipher
> string when executing the test.
I second the motion. If a test is
odes of thought often while working.
I agree that a Migration Guide will, after a brief discussion of the
high-level differences between old and new, consist mostly of "if you
did task T that way before, now you should do it something like this"
for many values of T drawn from the Prog