Paul Hoffman wrote: > At 9:27 AM -0400 7/18/08, Frank Hecker wrote: >> Paul Hoffman wrote: >> > Has anyone validated the ECC paramters they used? >> >> Not that I'm aware. > > I think that's unfortunate. It is easy for all of us to test the > parameters for RSA certs, but few of us have software for testing ECC > certs.
Are there NSS, OpenSSL, or other open source utilities available for this purpose? Could you point me to more information on this topic? >> There's a test site with a Comodo-issued ECC cert at >> >> https://comodoecccertificationauthority-ev.comodoca.com/ > > ...which no browser will let me into. :-) For Firefox at least that's because we haven't added the root CA cert yet, though there might be additional reasons relating to the OCSP responder (see the bug for more info). I was able to add a security exception for this site and then could access it successfully (using Firefox 3.0.1 on OS X), however it's not clear to what extent Firefox was able to validate the cert signature. (Firefox still gives me a "certificate did not verify for unknown reasons" message.) Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
