RE: New requirement: certlint testing

2016-02-12 Thread Medin, Steven
There's no requestor control of validityNotBefore for an offline CA signing event, and certainly none with an online CA since the PlayStation attack. There's limited control of toBeSigned: CAs will grab the asserted subject DN, public key, and toss the decorations in the PKCS#10 away. They'll

Re: A-Trust Root Renewal Request

2016-02-12 Thread Christoph Klein
Dear All! Thank you for contributing to our discussion and illustrating some existing problems with our certificates. I would like to address the stated points separately. * Wrong CNs in Subject (1, True, BSB-oenb): This was an issue that arose with the switch to SHA-256 certificates in

Re: New requirement: certlint testing

2016-02-12 Thread David Keeler
On 02/11/2016 08:15 AM, Rob Stradling wrote: > https://cert-checker.allizom.org/ can already accept and "run certlint" > on a user-submitted certificate. Could a "run cablint" button be added > too? The way it's implemented, "run certlint" actually runs cablint, which as I understand it is a

Re: NEW Certificate Manager Add-on

2016-02-12 Thread David E. Ross
On 2/12/2016 1:34 PM, Kathleen Wilson wrote: > Thanks to a group of students at Rose-Hulman Institute of Technology for > creating a Certificate Manager Add-on for their senior project! > > I've been using it for a couple months now, and I like it much better > than the old Certificate Manager

Re: A-Trust Root Renewal Request

2016-02-12 Thread Charles Reiss
On 02/12/16 14:26, Christoph Klein wrote: > Dear All! > > Thank you for contributing to our discussion and illustrating some > existing problems with our certificates. I would like to address the > stated points separately. [snip] > * 20 Bits of Entropy: the Serialnumber included in the Subject of

NEW Certificate Manager Add-on

2016-02-12 Thread Kathleen Wilson
Thanks to a group of students at Rose-Hulman Institute of Technology for creating a Certificate Manager Add-on for their senior project! I've been using it for a couple months now, and I like it much better than the old Certificate Manager that ships with Firefox.