On 01/04/2012 05:56 PM, Brian Smith wrote:
Robert Relyea wrote:
On 01/04/2012 04:18 PM, Brian Smith wrote:
Are you actually fetching intermediates?
In the cases where you fetch the intermediates, the old code will not
work! We don't fetch the intermediate if we already have it, or it's
Robert Relyea a écrit :
7. libpkix can actually fetch CRL's on the fly. The old code can only
use CRL's that have been manually downloaded. We have hacks in PSM to
periodically load CRL's, which work for certain enterprises, but not
with the internet.
PSM's periodic CRL download's certainly
Brian Smith a écrit :
3. libpkix can enforce certificate policies (e.g. requiring EV policy
OIDs). Can the non-libpkix validation?
EV policy have been defined in a way that means they could be supported
by a code that handles an extremely tiny part of all what's possible
with RFC5280
(resending from the correct address)
On 01/04/2012 03:51 PM, Brian Smith wrote:
Ryan Sleevi wrote:
IIRC, libpkix is an RFC 3280 and RFC 4158 conforming implementation,
while non-libpkix is not. That isn't to say the primitives don't exist
-
they do, and libpkix uses them - but that
On 2012-01-05 02:45, Robert Relyea wrote:
I am curious as to how smartcard management is supposed to work for Linux.
It seems to me that it would be ideal for Firefox to support the shared DB
on Linux. Are there OS-level tools for managing the shared DB.
For example, is there an OS-level UI
On 01/04/2012 03:51 PM, Brian Smith wrote:
Ryan Sleevi wrote:
IIRC, libpkix is an RFC 3280 and RFC 4158 conforming implementation,
while non-libpkix is not. That isn't to say the primitives don't exist
-
they do, and libpkix uses them - but that the non-libpkix path doesn't
use
Hi Brian,
We'll go with your suggestion of using NSS after size reduction for
this project for our security requirements. But right now we cannot
upgrade to latest firefox due to the current schedule and resources we
have for this project. We will follow the guidelines listed in the
611781 as
Jean-Marc Desperrier wrote:
Brian Smith a écrit :
3. libpkix can enforce certificate policies (e.g. requiring EV
policy OIDs). Can the non-libpkix validation?
EV policy have been defined in a way that means they could be
supported by a code that handles an extremely tiny part of all
Ashok Subash wrote:
We'll go with your suggestion of using NSS after size reduction for
this project for our security requirements. But right now we cannot
upgrade to latest firefox due to the current schedule and resources
we have for this project. We will follow the guidelines listed in
the
Robert Relyea a écrit :
On 01/04/2012 05:56 PM, Brian Smith wrote:
Robert Relyea wrote:
On 01/04/2012 04:18 PM, Brian Smith wrote:
In the cases where you fetch the intermediates, the old code will not
work!
[...] I'm talking about
fetching intermediates themselves because they
10 matches
Mail list logo