Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Brian Smith
On Mon, Oct 20, 2014 at 8:33 AM, Ryan Sleevi <ryan-mozdevsecpol...@sleevi.com> wrote: > On Mon, October 20, 2014 7:17 am, Anne van Kesteren wrote: > > On Mon, Oct 20, 2014 at 3:41 PM, Gervase Markham > wrote: > > > Perhaps we just need to jump that gap and accept what is /de facto/ > > > true.

Re: Client certs

2014-10-20 Thread Phillip Hallam-Baker
A relevant point here is that one of the main reasons for the difficulty in using client certs was a preposterous patent claim to the implementation of RSA in a hardware device with a USB serial interface. I kid you not. That might not be as much of an issue these days. The patent might have expi

Re: Client certs

2014-10-20 Thread Michael Ströder
Gervase Markham wrote: > A question which occurred to me, and I thought I'd put before an > audience of the wise: > > * What advantages, if any, do client certs have over number-sequence > widgets such as e.g. the HSBC Secure Key, used with SSL? > > http://www.hsbc.co.uk/1/2/customer-support/on

Re: Short-lived certs

2014-10-20 Thread keytal . 1bv
On Thursday, September 4, 2014 12:21:50 PM UTC+2, Gervase Markham wrote: > Short-lived certs are one plank of our future revocation strategy.[0] > > Currently, it is not permitted by the CAB Forum Baseline Requirements to > > revocation pointers out of a cert, ever. However, this is part of the >

Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Ryan Sleevi
On Mon, October 20, 2014 7:17 am, Anne van Kesteren wrote: > On Mon, Oct 20, 2014 at 3:41 PM, Gervase Markham wrote: > > Perhaps we just need to jump that gap and accept what is /de facto/ > > true. > > Yeah, as with publicsuffix.org we should own this up. > I would, in fact, argue strongly aga

Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Anne van Kesteren
On Mon, Oct 20, 2014 at 3:41 PM, Gervase Markham wrote: > Perhaps we just need to jump that gap and accept what is /de facto/ true. Yeah, as with publicsuffix.org we should own this up. -- https://annevankesteren.nl/ ___ dev-security-policy mailing l

Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Gervase Markham
On 20/10/14 03:10, Gregory Szorc wrote: > Is there a good reason Mozilla can't host copies of the trusted CA > bundle in popular formats so people can obtain a copy directly from > Mozilla? And while we're at it, can we add some PGP signatures for > additional verification? One issue is, perhaps,

Re: Trusted PEM distribution of Mozilla's CA bundle

2014-10-20 Thread Anne van Kesteren
On Mon, Oct 20, 2014 at 4:10 AM, Gregory Szorc wrote: > "b" is a somewhat gnarly-looking Perl script that downloads certdata.txt > from http://hg.mozilla.org/ or http://mxr.mozilla.org/ (more non-HTTPS > URLS!) (hostname depends on which version / instruction you are looking at), > and somehow mun