David E. Ross wrote, On 2008-11-05 16:10:
I'm having a problem with a credit union's Web site (which prompted my
other message "IP Address Question" in mozilla.support.seamonkey).
Sometimes when I access the site's home page -- which is https --
everything is okay; a secure session is
Has anybody else seen or been able to reproduce this?
Using JSS, if you create an SSLServerSocket with need or want client
auth set to true, and you attempt a handshake with a client that does
not send a client certificate, JSS throws some native exception that
brings down the VM.
Thread: main
Nelson B Bolyard wrote:
Pardon my ignorance, but, what is CentOS ?
CentOS is the name of a Linux distribution.
Kai
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
Graham, Nelson, Eddy, you all make good points.
I'll take your word for it that it's impossible to detect MITM attacks
with 100% reliability, as I said I'm not a security expert.
How about an MITM detection service that gives no false positives, but
might give false negatives? If you positively
Specifically it's built from Red Hat Enterprise Linux (RHEL) sources with the
Red Hat proprietary pieces removed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Kai Engert
Sent: Thursday, November 06, 2008 8:26 AM
To: mozilla's crypto code discussion
Bernie Sumption wrote, On 2008-11-06 03:57:
Graham, Nelson, Eddy, you all make good points.
I'll take your word for it that it's impossible to detect MITM attacks
with 100% reliability, as I said I'm not a security expert.
How about an MITM detection service that gives no false positives,
Dean wrote, On 2008-11-06 04:47 PST:
I entered a defect with test case for this a while back and have not
seen any comments on it.
Yeah, 4 days ago. Be patient. Thanks.
https://bugzilla.mozilla.org/show_bug.cgi?id=458251
/Nelson
What curious things do you notice about these certs?
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1224169969 (0x48f759f1)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: CN=unaportal.una.edu,O=University of North Alabama
Validity:
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key? All have same Issuer + Subject?
iang
Aside from the fact that they all claim to be issued by themselves,
but the key modulus is the same across all of them?
Perhaps the fact that they're all version 3 certificates that don't
show any version 3 extensions, such as keyUsage and
extendedKeyUsage?
Should there be a check to make sure
...and they're all using MD5?
-Kyle H
On Thu, Nov 6, 2008 at 12:48 PM, Ian G [EMAIL PROTECTED] wrote:
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key? All have same Issuer + Subject?
iang
Kyle,
Kyle Hamilton wrote:
Should there be a check to make sure that disparate sites aren't using
the same public key modulus/exponent?
That would be fairly hard to implement reliably.
Currently, we don't persist end-entity certs of web sites in general in PSM.
Even if we did, what is the
Ian G wrote, On 2008-11-06 12:48:
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key?
Yup. That's the biggie. It allows the MITM to get by with just a
single private key.
All have same Issuer + Subject?
Yeah, all self signed. All DNs consist of
Nelson B Bolyard wrote:
Ian G wrote, On 2008-11-06 12:48:
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key?
Yup. That's the biggie. It allows the MITM to get by with just a
single private key.
OK. We can of course all imagine ways to exploit
Kyle,
Kyle Hamilton wrote:
So, essentially, what you're saying is that it was a targeted attack
against a user, instead of an attack targeted against a server?
Apparently, keeping track of keys in certificates placed individually
into NSS might be a good idea regardless.
The attacker
Hi!
Does anyone know the implemented PKCS#11 versions in the NSS versions used in
Firefox 2.x and 3.x? Is it PKCS#11 v2.11 or 2.20?
Thanks,
--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495