The NSS team has released Network Security Services (NSS) 3.15.1, which is
a minor release.
The HG tag is NSS_3_15_1_RTM. NSS 3.15.1 requires NSPR 4.10 or newer.
Detailed release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes
NSS 3.15 source
The NSS team has released Network Security Services (NSS) 3.15, which is
a minor release.
The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.
Detailed release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15_release_notes
NSS 3.15 source distributions
The mailing list was configured to allow application/x-pkcs7-signature,
but it didn't allow application/pkcs7-signature. I've changed the
configuration to allow the latter, too.
Previous messages that were signed were displayed incorrectly by mail
client evolution, which complained about a
Either groups.google.com or giganews ignores (drops) messages containing
a base64 encoded block of data, such as the one contained in S/MIME
signed messages. We had asked to get this resolved [1], but didn't get a
response, and it's still broken.
Apparently the following archives correctly
On Sun, 2013-05-19 at 02:15 -0600, Falcon Darkstar Momot wrote:
It worked, but isn't signed.
The message is shown as signed by evolution.
I believe you experience a display bug (or rather limitation) in
Thunderbird.
The mailing list software wraps the original message into a
multipart/mixed
On Wed, 2013-04-10 at 11:36 -0700, daniemarq...@gmail.com wrote:
I'm trying to generate a Certificate Signing Request to be later signed by a
CA and imported to a NSS database.
Currently Using the following commands:
certutil -R -d alias -f nssPasswordFile -s sample-dn -n sample-dn -k
I'm sending this explanation because I've seen several people being
confused, and I anticipate the confusion might continue for a while.
Since nobody else has done so yet, I'm writing this clarification in the
hope it is useful to avoid future confusion.
As of today, there are development
About 2 weeks ago, we had announced that NSS version 3.15 will use a new
directory layout.
We assume that consumers and packagers of NSS will have to adjust their
environment to the new layout. In order to allow you to prepare early,
you may use the BETA 1 version that we have made available.
-28_Shared_System_Certificates
For general discussions about Mozilla, NSS and this feature, feel free
to reply to this message. For questions specific to the Fedora
development, it might be best to use the Fedora development list
http://lists.fedoraproject.org/mailman/listinfo/devel
Thanks and Regards
Kai
Please ignore the Draft statement in the subject, it's no longer a
draft :)
Thanks
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
To all users of the NSPR, NSS and JSS libraries,
we would like to announce a few technical changes, that will require you
to adjust how you obtain and build the code.
We are no longer using Mozilla'a CVS server, but have migrated to
Mozilla's HG (Mercurial) server.
Each project now lives in
On Sun, 2013-02-10 at 16:26 -0500, David H. Lipman wrote:
VerefedByVisa sercive@ppai|.com wrote in message
news:mailman.139.1360444568.29872.dev-tech-cry...@lists.mozilla.org...
Phishing in a news group. How nice.
I don't understand why that message got through.
The sender isn't a list
test 2
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
I'm having trouble posting to this list.
I'm trying to get an announcement posted,
but the messages simply disappear without errors.
If you end up seeing my messages multiple times,
please apologize.
This issue is being tracked in
bugzilla at mozilla dot org number 839245.
(Not including a
On Fri, 2013-02-08 at 11:41 -0800, Tanvi Vyas wrote:
On 2/8/13 11:38 AM, Kai Engert wrote:
I'm having trouble posting to this list.
I'm trying to get an announcement posted,
but the messages simply disappear without errors.
If you end up seeing my messages multiple times,
please
The NSS team has worked on a fix for the Lucky Thirteen Attack
http://www.isg.rhul.ac.uk/tls/
and has published a beta release which includes that work
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/beta/NSS_3_14_3_BETA1/src/
We'd like to invite users of the NSS library to participate in
On Fri, 2013-02-08 at 12:35 -0800, Nelson B Bolyard wrote:
Today I have given up the position of list owner and moderator for the
dev-tech-crypto mailing list and mozilla.dev.tech.crypto news group, a
position I have held since the list was formed over 10 years ago.
Hello Nelson,
thank you
The NSS 3.14.2 release introduced a build time dependency on a newer
release of SQLite.
That strict dependency wasn't intended and has been removed in CVS. If
you need to build against an older SQLite, you may apply the patch from
https://bugzilla.mozilla.org/show_bug.cgi?id=837799
Kai
--
On Mon, 2013-02-04 at 11:18 -0800, Wan-Teh Chang wrote:
* NSS will now make use of the Intel AES-NI and AVX instruction sets
for hardware-accelerated AES-GCM on 64-bit Linux systems.
Because it turns out to be an FAQ:
On Linux, because of this change, we require at least GNU as version
2.19
On Tue, 2013-02-05 at 23:51 +0100, Kai Engert wrote:
On Mon, 2013-02-04 at 11:18 -0800, Wan-Teh Chang wrote:
* NSS will now make use of the Intel AES-NI and AVX instruction sets
for hardware-accelerated AES-GCM on 64-bit Linux systems.
Because it turns out to be an FAQ:
On Linux
On Sun, 2013-01-27 at 17:00 -0800, Brian Smith wrote:
Hi all,
I tagged NSS 3.14.2 BETA 3 and pushed it to mozilla-inbound to fix
build breakage of ASAN and dxr builds.
Also, now mozilla-central contains a patch for bug 834091. That patch
adds a new public function to libsmime,
On Thu, 2013-01-24 at 10:40 +0100, Jan Lühr wrote:
I noticed that my firefox installation included a wildcard
certificate issued by Entrust.net (attached (*)). I'm not clear how it
got there but wildcard certs make me suspicious by nature. Can you help
me out?
Apparently it got stripped. I
I propose to more actively involve users into the process of accepting
certificates for domains.
I envision a UI where users are required to approve once, whether the
combination of a CA and a domain is acceptable to the user.
The following UI would be shown whenever a user starts a connection
On Mon, 2012-12-31 at 10:38 -0500, Eitan Adler wrote:
* user gets confused: what the heck is this screen?
It's good if users are educated what is going on.
We could have a switch to completely turn this off, if the user really
doesn't care.
* user realizes that pressing yes usually works so
On Mon, 2012-12-31 at 11:17 -0500, Eitan Adler wrote:
Expect the user to click yes to every dialog if prompted without reading.
[*] note, I am not talking about people like you or I that have an
understanding of the implications here. I am talking about the
typical user that studies have
On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote:
I propose to more actively involve users into the process of accepting
certificates for domains.
I propose the following in addition:
Each CA certificate shall have a single country where the CA
organization is physically located
Brendan Eich suggested posting to this list, too
(already posted yesterday to Mozilla's dev-planning list).
Hello Mozilla, I'd like to announce a change.
PSM is the name of Mozilla's glue code for PKI related [1] security
features, such as certificate management, web based certificate
On Wed, 2012-11-14 at 14:21 +, Gustavo Homem wrote:
Hi,
I am able to progamatically create key3.db from a script, using
certutil -N -d ...
Hi Gustavo,
this simply prepares an empty database that you need for future
operations.
However this initalization does not add to this file a
On Wed, 2012-11-14 at 15:15 +, Gustavo Homem wrote:
So I need to find out how to call libnss se actually generate a key for
key3.db. But I'm half amazed that it isn't possible via certutil or other CLI
interface.
We'll see, maybe it is, but first we need to identify exactly what you
I haven't worked on the lowlevel code myself yet, so I'm not sure how
exactly it works.
But I just had a look at PSM code nsSDR.cpp, and I'm learning that
secret decoder ring appears to be a functionality provided by NSS,
because I see functions with prefix PK11SDR
There is another NSS tool
On Tue, 2012-11-06 at 22:19 +0800, tehhzstar wrote:
Hello,
Currently, does Mozilla NSS support encrypting of file attachments?
Since it can encrypt email messages, I suppose, it can also support
encrypting of file attachments?
NSS supports encryption.
Regarding email attachments, NSS
On Thu, 2012-10-25 at 15:36 +0200, Wolfgang Rosenauer wrote:
With that version the testsuite fails:
[ 1202s] chains.sh: #2294: Test that OCSP server is reachable - FAILED
[ 1202s] chains.sh: #4023: Test that OCSP server is reachable - FAILED
[ 1202s] chains.sh: #6393: Test that OCSP server
The NSS team has released Network Security Services (NSS) 3.14, which is
a minor release with the following new features:
- Support for TLS 1.1 (RFC 4346)
- Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
- Support for AES-CTR, AES-CTS, and AES-GCM
- Support for Keying
In the upcoming NSS 3.14 release, the default behavior for
certificate signatures using the MD5 hash algorithm will change to
reject by default (see Mozilla bug 590364).
Starting with NSS 3.14, when attempting to validate certificates
containing such signatures, a new error code can be returned:
On Fri, 2012-09-07 at 20:53 +0500, Muhammad Ashraf Nadeem wrote:
I want to
remove all of the buit-in certification authorities in it. please let me
know how mozilla manages the authorities in its source code, i mean in
which direcotry of source.
The list of root certificates is part of
On 25.08.2012 09:58, Ismail JH wrote:
I'm new here, and I would like to contribute in this bug:
Bug 663733 -
Add ability to generate signed OCSP responses for testing
- Can this task be assigned to me ?
You are welcome to work on it and submit patches, as attachments to the bug.
You provided a 5 digit bug number which is menu toolbar doesn't collapse.
I guess you are asking about a different bug number?
Regards
Kai
On 24.08.2012 10:46, Vasantharangan, Shruthi M. wrote:
Hi,
Could you kindly respond to the email below.
Thanks
Shruthi
From: Vasantharangan,
On 09.06.2012 11:53, Erwann Abalea wrote:
Le vendredi 8 juin 2012 22:55:33 UTC+2, Rob Stradling a écrit :
[...]
Might there be a Firefox 13.x point-release that will enable libpkix by
default?
Will Firefox 14 enable libpkix by default?
Or can you say that enabling libpkix by default will
NSS version 3.13.5 has been released
and is available for download from
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_5_RTM/src/
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
I've started a project to produce an
experimental browser (Flowerbeetle) and an
experimental e-mail client (Flowerduck).
The purpose is to enable early testing of security
and PKI related changes, which are proposed for the Mozilla
platform (including Firefox and Thunderbird), but which
haven't
The NSS team has released NSS 3.13.4
CVS tag: NSS_3_13_4_RTM
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_4_RTM/
Please refer to https://bugzilla.mozilla.org/show_bug.cgi?id=741135
for the list of changes contained in this update.
Kai
--
dev-tech-crypto mailing list
On 27.02.2012 18:09, Honza Bambas wrote:
is there some way to just see the current state for each branch? If
not, do you plan to build one?
Yes: https://kuix.de/mozilla/versions/
Regards
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
I would like to make you aware of a new public mailing list, it can be
helpful it you want to track which NSPR/NSS versions are used by Mozilla
software.
https://kuix.de/mailman/listinfo/moz-nss-nspr
Description:
This list watches several Mozilla (Firefox) branches and will send
announcement
While working on an updated paper of the MECAI proposal (which I hope to
post in the next couple of days), the following orthogonal idea came to
me. I don't know whether it is a new idea, or whether it has been
discussed/mentioned before.
Let's say the owner of a domain learns that a rogue
I've just sent the following message to Mozilla's dev-tech-crypto
mailing list, and I thought you might be interested, too.
While working on an updated paper of the MECAI proposal (which I hope to
post in the next couple of days), the following orthogonal idea came to
me. I don't know
On 23.02.2012 20:53, Kai Engert wrote:
I've just sent the following message to Mozilla's dev-tech-crypto
mailing list, and I thought you might be interested, too.
I apologize for the double post, the second post was intended for a
different mailing list...
--
dev-tech-crypto mailing list
Please find a more detailed description of my proposal
MECAI - Mutually Endorsing CA Infrastructure
at
https://kuix.de/mecai/mecai-proposal-v2.pdf
(PDF, 12 pages)
I'm looking forward to your feedback,
please let me know if parts are difficult to
understand or need clarification.
Best
We have released NSS 3.13.3
The motivation for this quick follow-up release were the fixes for bug
727204 and bug 724929.
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_3_RTM/src/
Regards
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On 19.02.2012 02:46, Stephen Schultze wrote:
Brian has in the past discussed proposed updates to NSS that would
allow us to penalize bad CA behavior by removing trust of all certs
from a given CA that were issued after a given date (or even for X
amount of time after a given date).
Someone
We have released NSPR 4.9, cvs tag NSPR_4_9_RTM
We have released NSS 3.13.2, cvs tag NSS_3_13_2_RTM
Source code is available from
ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.9/src/
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_2_RTM/src/
Kai
--
dev-tech-crypto
Due to an oversight, the official Firefox 10 release was shipped with a
beta snapshot of the NSPR base library.
We believe this is a minor issue, the difference between the beta
snapshot and the final version 4.9 are small.
You may inspect the differences at
My criticism:
(a)
I don't like it that the amount of CRLs will be a subset of all CRLs.
What about all the revoked certificates that aren't included in the list?
With a dynamic mechanism like OCSP (and in the future OCSP stapling) you
don't have to make a selection.
(b)
I don't like it
My previous message was a proposed solution to the problem attacker is
close to the server and uses it to obtain a new fraudulent cert, and I
proposed to use an organizational approach to prevent that attack.
In addition, another potential attack is, the attacker has obtained a
certificate
On 07.02.2012 17:54, Ondrej Mikle wrote:
The phone calls would ensure that each registered person will be aware
of the certificate issuance.
This is getting very close to EV validation (Sovereign Keys have the
same issue).
I'd say making phone calls is less effort than checking business
On 21.10.2011 15:09, Kai Engert wrote:
This is an idea how we could improve today's world of PKI, OCSP, CA's.
https://kuix.de/mecai/
Review, thoughts and reports of flaws welcome.
Thanks to Peter Eckersley, who first mentioned to me at 28c3 that there
is one scenario that isn't solved
Just a quick thought, that I don't want to lose.
Maybe it would be a reasonable middle-ground to define:
- for intermediate CAs, OCSP information is published in DNS
- for servers, we use OCSP stapling
(Rob, thanks for your response, I'm still digesting.)
Regards
Kai
--
dev-tech-crypto mailing
On 21.10.2011 15:09, Kai Engert wrote:
This is an idea how we could improve today's world of PKI, OCSP, CA's.
https://kuix.de/mecai/
After more brainstorming I came up with some incremental ideas.
Thanks a lot to Adam Langley for pointing out scenarios that weren't yet
sufficiently handled
(a)
I've installed Apache 2.3.14-beta with OCSP stapling enabled at:
https://kuix.de:5143/ - good certificate
https://kuix.de:5144/ - revoked certificate
Thanks to StartCom for providing me with free certificates, and also for
providing a free revocation service.
(b)
Note to other CAs, (as
The NSS team released version 3.13.1, a general patch release.
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_1_RTM/src/
SHA1SUM:
d8e7ee9f9f1e0bfa2ea8b72d25727634fea130a6 nss-3.13.1.tar.gz
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
This is an idea how we could improve today's world of PKI, OCSP, CA's.
https://kuix.de/mecai/
Review, thoughts and reports of flaws welcome.
Thanks and Regards
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
NSPR 4.8.9 and NSS 3.12.11 have been released
and are available for download from ftp.mozilla.org
or using CVS tags NSPR_4_8_9_RTM / NSS_3_12_11_RTM
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Hi Ralph,
if you have resources to work on this or to coordinate this, please go
ahead. I haven't yet. If I should, I would contact you to coordinate.
Regarding traceroute, you could look at the existing WorldIP Add-On,
which claims to support it, and potentially copy that code, under the
I would like to propose that someone could implement an addon for
Mozilla applications with the following functionality:
- it comes with a list of several hundred known major services,
including https and email servers.
- if the user gets a certificate error on one of the
major sites, we
On 16.06.2011 13:52, Gervase Markham wrote:
On 11/06/11 12:03, Michael Ströder wrote:
This means if the user accidently sent in contact information in an
e-mail footer this information is also disclosed. If not already there
you should put a strong hint on the web page that the signed S/MIME
On 10.06.2011 13:33, Jean-Marc Desperrier wrote:
Kai Engert wrote:
I'm thinking the following could solve the problem
Please help me: which problem is it, that you want to solve, that isn't
yet solved by the current implementation?
Ease of use, understandability of the process
On 03.06.2011 00:12, Kai Engert wrote:
In short, go to
http://kuix.de/smime-keyserver/
and give it a try.
...
(as of today, the keyserver accepts the same signing roots
as Mozilla software. It also allows certs from cacert.org)
In addition it will also accept the certs from
http
On 08.06.2011 13:51, Jean-Marc Desperrier wrote:
Is the script smart enough to identify and extract the encryption
certificate in the mail when the sender uses separate signature and
encryption certificates ? (and of course the S/MIME properties are
correctly set to identify this, and propagate
On 08.06.2011 14:15, Jean-Marc Desperrier wrote:
This seems to be solved with my implementation, because my keyserver can
forward the original signed message.
But it's not really a great solution.
Why not?
I'm thinking the following could solve the problem
Please help me: which problem
How are cert renewals handled? Will you send an e-mail about certs soon
to be expired to encourage the user to send in a newer cert?
Not yet, but it wouldn't be a lot of work to setup a daily cronjob that
walks through the list of stored certs.
Also note that one of the issues is that the
In short, go to
http://kuix.de/smime-keyserver/
and give it a try.
Although I can't guarantee that this service will continue to run,
I will try to keep it up,
and I would like to see many people using it.
Longer explanation:
The GPG/PGP world has long known the concept of keyservers -
This announcement is related to the same underlying issue as reported in
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/
While the above mentioned hotfix was made at the Mozilla client
application level, we would like to provide a hotfix at the NSS level,
NSS version 3.12.7 has been released and is available from ftp.mozilla.org
It should be used with NSPR version 4.6.8
(announcing on behalf of the NSS team)
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Today I read some technical documents at http://www.torproject.org which
is a project that tries to enhance anonymity of Internet users, or allow
Internet users to circumvent censorship.
With Tor, your outgoing connections will be routed (using encryption) to
a chain of random Tor servers,
On 12.04.2010 07:36, Kurt Seifried wrote:
Right but I can't find any contact info for certificate patrol and I
figured if anyone knew about it, they're probably on this list. That
and I couldn't find an add-ons mailing list (how does on get on
contact with them?). The word contact doesn't occur
On 12.04.2010 16:22, Kai Engert wrote:
On 12.04.2010 07:36, Kurt Seifried wrote:
Right but I can't find any contact info for certificate patrol and I
figured if anyone knew about it, they're probably on this list. That
and I couldn't find an add-ons mailing list (how does on get on
contact
On 09.04.2010 00:41, Matt McCutchen wrote:
On Thu, 2010-04-08 at 09:59 -0700, Robert Relyea wrote:
The yellow larry is a good proposal, and probably implementable much
sooner than noisy warnings.
I'm glad you like it. I guess the next thing needed is for someone to
actually implement it,
sites...
If the user authenticates using a certificate, we could show the
following menu:
www.site.com (disabled menu item)
Log out
x Authenticated (Kai Engert, StartCom Free Certificate Member)
Authenticate using a different Certificate
On 31.03.2010 14:26, Eddy Nigg wrote:
[ Please follow up to mozilla.dev.tech.crypto ]
After some discussion at bug 554594 I'm following up here - the bug was
unfortunately misused by me a little for the initial discussion.
At https://wiki.mozilla.org/Security:Renegotiation under item 4.4 the
On 28.03.2010 06:19, Nelson B Bolyard wrote:
The sequence of events in the dialog is likely, IMO, to give the users the
impression that client authentication is a user-initiated act, rather than
a server initiated act. It seems to say to the user, if you want to
authenticate to this server with
, but I'm fine with any location in
primary chrome. If neither client auth nor bad certs are involved, all
icons are hidden.
On 16/03/10 23:12, Kai Engert wrote:
In short, we'd like to stop the current prompts and implement a better
user interface.
I think that it would be extremely wise
On 17.03.2010 02:40, Wan-Teh Chang wrote:
Is your proposal or Aza Raskin's proposal similar to the proposal that
Henry Story of the foaf project has been advocating?
No, under the assumption you're refering to http://esw.w3.org/Foaf%2Bssl
Contrary to foaf+ssl I'm not proposing any new
I'd like to announce two design documents.
The primary intention is to improve the functionality of SSL client
authentication in Mozilla software.
In short, we'd like to stop the current prompts and implement a better
user interface.
The basic idea is to show an indicator in chrome whenever
On 23.02.2010 02:21, Jan Schejbal wrote:
Hi,
Test server at https://ssltls.de
none of the two images is visible with my Fx3.6. I don't give any
guarantees about my prefs and addons, though.
Jan
Firefox 3.6 does not yet have any fixes for this. As of today, only the
experimental nightly
On 23.02.2010 02:21, Jan Schejbal wrote:
Hi,
Test server at https://ssltls.de
none of the two images is visible with my Fx3.6. I don't give any
guarantees about my prefs and addons, though.
Jan
Firefox 3.6 does not yet have any fixes for this. As of today, only the
experimental nightly
On 18.02.2010 02:45, Eddy Nigg wrote:
If you currently have a https site that's partly open and partly
accessed only with client authentication, I think the only reasonable
way out is to break it in two.
Not sure what you mean, but the server doesn't accept client initiated
renegotiation.
Ian G wrote:
Which language suggests they have to do verification *themselves* ?
The fact that the policy talks about a CA, and I didn't see talk about
external entities.
BTW, it would be quite problematic to insist that the CAs do this job
themselves.
CAs are not generally experts on
Eddy Nigg wrote:
On 12/28/2008 01:13 PM, Kai Engert:
The current Mozilla CA Certificate Policy says:
6. We require that all CAs whose certificates are distributed with our
software products: ... provide attestation of their conformance to the
stated verification requirements ...
Kai, just
After having read the posts related to the unbelievable event, I
understand the event involved an approved CA and an external entity they
work with.
From my perspective, it's a CA's job to ensure competent verification
of certificate requests. The auditing required for CAs is supposed to
prove
Nelson B Bolyard wrote:
Pardon my ignorance, but, what is CentOS ?
CentOS is the name of a Linux distribution.
Kai
smime.p7s
Description: S/MIME Cryptographic Signature
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
Nelson Bolyard wrote:
SM 2.0 alpha pre-release does use NSS 3.12, but it still does not support
EV UI. Although I use SM trunk builds exclusively, I have never seen a
green bar or the authenticated web site principal name or country name
in the chrome anywhere. I see no difference between EV
Nelson Bolyard wrote:
SM 2.0 alpha pre-release does use NSS 3.12, but it still does not support
EV UI. Although I use SM trunk builds exclusively, I have never seen a
green bar or the authenticated web site principal name or country name
in the chrome anywhere. I see no difference between EV
Subrata Mazumdar wrote:
I am using Firefox 3.0.3. I have FIPS enabled the software security
device using Secuirty Devices dialog window in PSM.
This step forced me to add password protect the internal Key token
(Software security device).
Then, I tried to change the password of the internal key
Kai Engert wrote:
Subrata Mazumdar wrote:
I am using Firefox 3.0.3. I have FIPS enabled the software security
device using Secuirty Devices dialog window in PSM.
This step forced me to add password protect the internal Key token
(Software security device).
Then, I tried to change the password
Wan-Teh Chang wrote:
- The password must be at least seven characters long.
- The password must consist of characters from three or more character
classes (uppercase, lowercase, digits, etc.).
NSS rejects abcDEF7 although it matches your above description.
Kai
smime.p7s
Description:
Nelson B Bolyard wrote:
Wan-Teh Chang wrote, On 2008-09-02 10:36:
I believe this is the relevant source code in Firefox:
http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSComponent.cpp#1596
The above code sets the default for a new socket.
I believe this
Dominik schrieb:
I am developing a JavaScript-based Firefox add-on which could make use
of cryptography primitives like encrypting/decrypting short strings
with RSA/AES.
A pure JS implementation of those algorithms is way to slow. I have
come across the NSS library which seems to be part of the
[EMAIL PROTECTED] wrote:
for normal CAs, it's an easy task to add them as trusted root to
Mozilla. Now I'm trying to setup my own local extended validation CA.
Is it possible to add it locally as trusted root? On the OpenSSL
mailing list I was told this wouldn't be an easy tasks, as EV CAs are
On behalf of Bob Relyea, who did the majority of the work on this
feature, we would like to announce that a new feature for sharing the
NSS database amongst multiple applications is ready for testing.
The feature is included in NSS 3.12 which is the version that got
shipped in Firefox 3.
We
Ruchi Lohani wrote:
Hi,
Can anybody tell me something about the various nss packages that are
there in ubuntu (hardy).
I see libnss3-0d
libnss3-1d
libnss3-1d-dbg
libnss3-dev
etc.
I have the following in my /usr/lib
lrwxrwxrwx 1 root root 13
Sune Mølgaard wrote:
With sm trunk, I get a whole bunch of prompts for the master password on
startup.
https://bugzilla.mozilla.org/show_bug.cgi?id=348997
smime.p7s
Description: S/MIME Cryptographic Signature
___
dev-tech-crypto mailing list
101 - 200 of 213 matches
Mail list logo