Eddy Nigg (StartCom Ltd.) wrote:
Johnathan Nightingale [EMAIL PROTECTED] wrote:
Imagine that we found a way to clearly present to the user:
+ Your connection is encrypted
+ The site's identity has been verified
+ You've been here many times before
+ This site is trusted by (your friends |
Gervase Markham wrote:
Nelson Bolyard wrote:
Is FlySSL acting as a Registration Authority (RA) for Geotrust/Comodo?
I don't think so; but how would I tell? Is the only way to tell by
asking Geotrust and Comodo?
That probably the best way.
Or is there something that has
Melelina wrote:
The cert is issued to www.microsoft.ipsos.com by Verisign.
Or it appears to be.
I want to use Fx at Microsoft sites and I am very tired of Fx problems with
Microsoft certs
But you haven't yet shown any evidence of FF having a problem with a
Microsoft site. The site you
Eddy Nigg (StartCom Ltd.) wrote:
Nelson Bolyard wrote:
Yes, there is a standard for certs that allows (but does not require)
relying parties to go search on the internet for missing
intermediate CA certs.
Do you have the quote from the corresponding RFC for this?
It's RFC 3280 section
Throughout the lifetime of mozilla browsers, there have been innumerable web
sites that worked with IE but not mozilla, because those web sites' content
depended on IE behavior, and were not testing with any browser other than IE.
Countless users have whined to mozilla with messages saying (in
Gervase Markham wrote:
Eddy Nigg (StartCom Ltd.) wrote:
The fact that connections to expired certificates are allowed by most if
not all browser vendors contributes to this problem, if this certificate
is removed from the CRL...than it's just an expired certificate which
was once valid,
Stefanos,
If you'[re really worried about students being MITM attacked, then you
might ask why the University has so many https sites using invalid certs
which necessitate the users getting this dialog in the first place.
Don't worry, in FF3, this dialog will go away completely.
Gervase Markham wrote, On 2008-02-09 02:35:
Eddy Nigg (StartCom Ltd.) wrote:
Since sometimes there are some licensing concerns with the certdata.txt
file, I wanted to know exactly what one is allowed to do. If for example
by merely extracting the CA certificates with a tool like
Boris Zbarsky wrote, On 2008-02-26 21:32 PST:
Vladi Rocha wrote:
Hi developers. I am trying to avoid the popup when you
remove a token PKCS11 while an operation was in
progress.
You probably want mozilla.dev.tech.crypto for this question...
Unfortunately, this is a PSM question, not an NSS
Rick Andrews wrote on 2008-03-04 16:36 PST:
Where can I find a list of features included in FF3? Does it include
support for SHA-256 and ECC?
The cryptographic algorithms and TLS cipher suites supported in FF3
will be the same as in present versions of FF2, with the following
additional cipher
bezuglyi wrote, On 2008-09-03 02:32 PDT:
I want to add my own cipher algorithm to NSS library, like gost engine
in openssl, is it possible?
If yes can anyone explain the procedure
You'll find more people who can help with this in the dev-tech-crypto
mailing list, which is also the
Ben Bucksch wrote, On 2008-09-17 13:55:
Thunderbird currently has the SSL options: Never (plain), TLS, if
available, TLS (always), and SSL (always), for incoming IMAP/POP3
and outgoing SMTP servers (with slightly different UI wording). TLS is
basically SSL version 3.
Damn! Those old wrong
Note: cross posted to mozilla.dev.tech.nspr.
Follow up messages are directed there.
lixiangfeng wrote, On 2008-09-26 01:39:
Hi,I write a program use mozilla nss .
My process will scan some variable for a expected value.when the variable
equals some value,my process will dosomething.So,I
Roy Donaldson wrote, On 2008-12-11 11:00:
I'm sure the answer is somewhere out there, but I can't seem to find it no
matter where I look.
Are there binary distributions of NSS (specifically, the slightly older
versions that are FIPS 140-2 certified) for download, or do I need to
compile
Roy Donaldson wrote, On 2008-12-19 12:27 PST:
I'm trying to create a FIPS 140-2 compliant SSL connection using the Sun
JSSE (SunPKCS11) and NSS.
I suppose you mean a FIPS compliant TLS connection. TLS is SSL version 3.1
(or newer). FIPS 140 compliance requires the use of TLS.
Crypto
Jean-Marc Desperrier wrote, On 2009-02-20 07:55:
Eddy Nigg wrote:
On 02/19/2009 03:30 PM, Jean-Marc Desperrier:
Moxie Marlinspike in Black Hat has just demonstrated a very serious i18n
attack using a *.ijjk.cn certificate.
On 2009-07-03 01:43 PDT, Andrei Korostelev wrote:
Does Firefox 3.5 already support multi-process shared secrurity
database or it is still single-process?
By default, it is still the old single-process cert8 and key3 DBs,
as before.
However, FF 3.5 has the code to support shared-access cert9
On 2009-08-10 15:32 PDT, Sid Stamm wrote:
http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsCertOverrideService.cpp#259
This is a bit of NSS that reads the cert_override.txt file
It's not NSS. If it was NSS, you would see /nss/ in the path name above.
It's PSM, and
Daniel Veditz wrote:
On 10/13/09 10:12 AM, Eddy Nigg wrote:
#B is important because we are already month after the alleged bug
happened, plenty of time to get the act together. I think this warrants
some actions, a review and renewed confirmation of compliance might be a
good thing to do
On 2010-03-03 10:58 PST, Shailendra Jain wrote:
Is this source of information about Linux planning to integrate NSS as
main security features available some where in the web or in Linux doc?
RedHat is doing this for RedHat Linux. I'm sure you will find info on
RedHat's web site. I don't know
On 2010-03-02 10:06 PST, davidwboswell davidwbosw...@yahoo.com wrote:
I maintain a list of applications that use Mozilla technologies in
their projects and wanted to add more examples of projects that use
NSS.
http://www.mozilla.org/projects/mozilla-based.html
There are lots of applications
, which fails.
--
/Nelson Bolyard
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
22 matches
Mail list logo