Someone has recently suggested to me that one of the CAs now included
in Mozilla's list of trusted root CAs actually has the practice of
generating key pairs (including the private key) for their subscribers
and delivering the private key and associated cert chain to the
subscriber in a PKCS12
Nelson Bolyard wrote:
Do we really want to allow this?
Should this at least be a question that CAs must answer as they apply
for cert inclusion or EV status upgrades?
At a minimum, please add it to the Questionable CA practices document
on the wiki.
It doesn't sound particularly wise to me.
Gervase Markham:
Nelson Bolyard wrote:
Do we really want to allow this?
Should this at least be a question that CAs must answer as they apply
for cert inclusion or EV status upgrades?
At a minimum, please add it to the Questionable CA practices document
on the wiki.
It doesn't sound
On Jun 27, 5:49 pm, Nelson B Bolyard [EMAIL PROTECTED] wrote:
1. There is (or perhaps, was) a project called Client Customization Kit
that facilitated creating packaged browsers that contain all sorts of
differences from the base product. It easily handled configuration
changes in the file
Eddy Nigg wrote:
From what I've heard about such practices, the PKX file is
password protected and delivered by simple email. But obviously anybody
getting hold of the mail and file can easily brute-force attack it with
a simple script.
I think this is the issue Nelson is
Are there any specific examples for the usage of Sharable certificate
db?
I see the procedure to use at
http://wiki.mozilla.org/NSS_Shared_DB_Samples#Using_the_new_database_format
Is that what should be done along with the certDir to be changed to the
shared db location?
-Original
Frank Hecker:
Eddy Nigg wrote:
From what I've heard about such practices, the PKX file is
password protected and delivered by simple email. But obviously
anybody getting hold of the mail and file can easily brute-force
attack it with a simple script.
I think this is the issue Nelson
Also, aren't functions NSS_InitReadWrite supposed to return an error
in case the db has already been opened by another process in read-write
mode? I tried opening the mozilla profile db in read-write mode and it
doesn't return any error in my application.
-Original Message-
From: [EMAIL
Ruchi Lohani wrote, On 2008-06-30 12:00:
Also, aren't functions NSS_InitReadWrite supposed to return an error
in case the db has already been opened by another process in read-write
mode?
No, that is not part of the definition of those functions.
I tried opening the mozilla profile db in
tmountjr wrote, On 2008-06-30 09:46:
I have confirmed that [...] the option to hide the extension from the
list works.
Please elaborate on that. What extensions from what list? In general,
it is evil if extension authors can hide the existence of extensions.
I'd go so far as to call it a
Gervase Markham wrote, On 2008-06-30 04:59:
Nelson Bolyard wrote:
Do we really want to allow this?
Should this at least be a question that CAs must answer as they apply
for cert inclusion or EV status upgrades?
At a minimum, please add it to the Questionable CA practices document
on the
On Jun 30, 5:38 pm, Nelson B Bolyard [EMAIL PROTECTED] wrote:
tmountjr wrote, On 2008-06-30 09:46:
I have confirmed that [...] the option to hide the extension from the
list works.
Please elaborate on that. What extensions from what list? In general,
it is evil if extension authors can