On 02/02/2011 04:48 AM, Gervase Markham wrote:
> On 01/02/11 23:03, Robert Relyea wrote:
>> 1) use request/not require certificate. If a certificate is supplied,
>> that will show up in the initial handshake. The certificate will tell
>> the server which account and you can bypass login altogether.
Hi,
I want to build certificate chain using a certificate passed by user
and some certificates which are already there in the certDB.
I am using CERT_NewTempCertificate(certDB, &certItem, NULL, PR_FALSE,
PR_TRUE); to add the user given cert temporarily in the certDB.
After the chain is established
On 02/02/2011 06:41 AM, Gervase Markham wrote:
On 01/02/11 20:02, Marsh Ray wrote:
Whether or not client certs count as a second factor is somewhat
philosophical. In some sense, the private key stored in the browser
functions as another "something you know" like a password. If the PC is
pwned, t
On 2. 2. 2011 13:37, Gervase Markham wrote:
On 01/02/11 18:08, Matej Kurpel wrote:
@Q4: I am doing this as my diploma thesis, it works for Windows Mobile
phones/PDAs and is tested with Firefox and Thunderbird. Certificate
login works fine in Firefox.
Can you tell us a bit more about this?
How
On 02/02/2011 02:41 PM, From Gervase Markham:
If your computer is pwned, you have lost. So I'm not worried about the
disadvantages of client certs from that perspective.
If your computer is taken over, neither username.password pairs will
help you...
I'm more worried about their possible us
On 02/02/11 23:48, Gervase Markham wrote:
Sounds technically plausible - we can possibly require all the security
group to use Firefox 4 - but seems like it would require some serious
Apache mod_ssl hacking.
Not necessarily - Bugzilla could, for those accounts, instead of
generating the ses
On 01/02/11 23:03, Robert Relyea wrote:
1) use request/not require certificate. If a certificate is supplied,
that will show up in the initial handshake. The certificate will tell
the server which account and you can bypass login altogether. If no
certificate is supplied, you can bounce to user t
On 01/02/11 20:02, Marsh Ray wrote:
Whether or not client certs count as a second factor is somewhat
philosophical. In some sense, the private key stored in the browser
functions as another "something you know" like a password. If the PC is
pwned, they can get the private key too.
If your compu
On 01/02/11 18:08, Matej Kurpel wrote:
@Q4: I am doing this as my diploma thesis, it works for Windows Mobile
phones/PDAs and is tested with Firefox and Thunderbird. Certificate
login works fine in Firefox.
Can you tell us a bit more about this?
How does what you are doing compare to http://mo
aerow...@gmail.com wrote:
On Tue, Feb 1, 2011 at 1:19 PM, Marsh Ray wrote:
On 02/01/2011 02:41 PM, Anders Rundgren wrote:
What about the client cert in a smart card?
That's old and standard and supported by Mozilla.
I don't know what kind of prices you'd have to pay for small quantities
tho