Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Anne van Kesteren
On Mon, Oct 20, 2014 at 4:10 AM, Gregory Szorc g...@mozilla.com wrote: b is a somewhat gnarly-looking Perl script that downloads certdata.txt from http://hg.mozilla.org/ or http://mxr.mozilla.org/ (more non-HTTPS URLs!) (hostname depends on which version / instruction you are looking at), and

Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Ryan Sleevi
On Mon, October 20, 2014 7:17 am, Anne van Kesteren wrote: On Mon, Oct 20, 2014 at 3:41 PM, Gervase Markham g...@mozilla.org wrote: Perhaps we just need to jump that gap and accept what is /de facto/ true. Yeah, as with publicsuffix.org we should own this up. I would, in fact, argue

Re: Client certs

2014-10-20 Thread Michael Ströder
Gervase Markham wrote: A question which occurred to me, and I thought I'd put before an audience of the wise: * What advantages, if any, do client certs have over number-sequence widgets such as e.g. the HSBC Secure Key, used with SSL?

Re: Client certs

2014-10-20 Thread Phillip Hallam-Baker
A relevant point here is that one of the main reasons for the difficulty in using client certs was a preposterous patent claim to the implementation of RSA in a hardware device with a USB serial interface. I kid you not. That might not be as much of an issue these days. The patent might have

Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Brian Smith
On Mon, Oct 20, 2014 at 8:33 AM, Ryan Sleevi ryan-mozdevsecpol...@sleevi.com wrote: On Mon, October 20, 2014 7:17 am, Anne van Kesteren wrote: On Mon, Oct 20, 2014 at 3:41 PM, Gervase Markham g...@mozilla.org wrote: Perhaps we just need to jump that gap and accept what is /de facto/