Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-13 Thread James Cloos
> "Werner" == Werner Koch <[EMAIL PROTECTED]> writes: Werner> The last time I checked the Mozilla code they used their own crypto Werner> stuff. When did they switched to OpenSSL and how do they solve the Werner> GPL/OpenSSL license incompatibility? Indeed they do. It is called nss, is avai

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-13 Thread Victor Duchovni
On Sun, Feb 10, 2008 at 07:27:28PM +0100, Werner Koch wrote: > On Thu, 7 Feb 2008 16:37, [EMAIL PROTECTED] said: > > > I don't have any idea why or why not, but all they can release now is > > source code with #ifdef openssl >= 0.9.9 ... do PSK stuff ... #endif, > > The last time I checked the

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-10 Thread Werner Koch
On Thu, 7 Feb 2008 16:37, [EMAIL PROTECTED] said: > I don't have any idea why or why not, but all they can release now is > source code with #ifdef openssl >= 0.9.9 ... do PSK stuff ... #endif, The last time I checked the Mozilla code they used their own crypto stuff. When did they switch to

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-10 Thread Ian G
Peter Gutmann wrote: Victor Duchovni <[EMAIL PROTECTED]> writes: While Firefox should ideally be developing and testing PSK now, without stable libraries to use in servers and browsers, we can't yet expect anything to be released. Is that the FF developers' reason for holding back? Just wonde

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-10 Thread Ian G
Peter Gutmann wrote: There's always the problem of politics. You'd think that support for a free CA like CAcert would also provide fantastic marketing opportunities for free browser like Firefox, but this seems to be stalled pretty much indefinitely because since CAcert doesn't charge for certif

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-09 Thread Victor Duchovni
On Thu, Feb 07, 2008 at 08:47:20PM +1300, Peter Gutmann wrote: > Victor Duchovni <[EMAIL PROTECTED]> writes: > > >While Firefox should ideally be developing and testing PSK now, without > >stable libraries to use in servers and browsers, we can't yet expect anything > >to be released. > > Is tha

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-09 Thread Peter Gutmann
Victor Duchovni <[EMAIL PROTECTED]> writes: >While Firefox should ideally be developing and testing PSK now, without >stable libraries to use in servers and browsers, we can't yet expect anything >to be released. Is that the FF developers' reason for holding back? Just wondering... why not releas

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-09 Thread Peter Gutmann
Frank Siebenlist <[EMAIL PROTECTED]> writes: >With the big browser war still going strong, wouldn't that provide fantastic >marketing opportunities for Firefox? There's always the problem of politics. You'd think that support for a free CA like CAcert would also provide fantastic marketing oppor

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-06 Thread Victor Duchovni
On Wed, Feb 06, 2008 at 09:21:47AM -0800, Frank Siebenlist wrote: > With the big browser war still going strong, wouldn't that provide > fantastic marketing opportunities for Firefox? > > If Firefox would support these secure password protocols, and the banks > would openly recommend their cust

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-06 Thread Frank Siebenlist
Peter Gutmann wrote: Frank Siebenlist <[EMAIL PROTECTED]> writes: That's actually a sad observation. I keep telling my colleagues that this technology is coming "any day now" to a browser near you - didn't realize that there was no interest with the browser companies to add support for th

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-06 Thread Peter Gutmann
Frank Siebenlist <[EMAIL PROTECTED]> writes: >That's actually a sad observation. > >I keep telling my colleagues that this technology is coming "any day now" to >a browser near you - didn't realize that there was no interest with the >browser companies to add support for this... I know of a

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-06 Thread Ivan Krstić
On Feb 1, 2008, at 9:34 PM, Ian G wrote: * Browser vendors don't employ security people as we know them on this mailgroup [...] But they are completely at sea when it comes to systemic security failings or designing new systems. I don't know about other browsers, but Mozilla's CSO-type is W

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-03 Thread Alex Alten
At 09:34 PM 2/1/2008 +0100, Ian G wrote: * Browser vendors don't employ security people as we know them on this mailgroup, they employ cryptoplumbers. Completely different layer. These people are mostly good (and often very good) at fixing security bugs. We thank them for that! But they are

Re: TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-01 Thread Ian G
Frank Siebenlist wrote: Why do the browser companies not care? I spent a few years trying to interest (at least) one browser vendor with looking at new security problems (phishing) and using the knowledge that we had to solve this (opportunistic cryptography). No luck whatsoever. My view

TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-01 Thread Frank Siebenlist
Peter Gutmann wrote: "Perry E. Metzger" <[EMAIL PROTECTED]> writes: SSL involves digital certificates. Not really, James Donald/George W. Bush. It involves public keys, and it provides a channel by which X.509 certificates can be exchanged, Actually it doesn't even require X.509 certs. TLS-