Re: Entrust CA, Staat der Netherlanden CA, Proposal

2008-05-03 Thread Eddy Nigg (StartCom Ltd.)
I tried to find out about requirements in the Entrust CPS (http://www.entrust.net/CPS/pdf/webcps051404.pdf); however, I couldn't find any regulation concerning cross-signing. Maybe this is covered in a different document of theirs. However, I also couldn't find any regulation concerning S/MIME and

Re: Entrust CA, Staat der Netherlanden CA, Proposal

2008-05-03 Thread Paul Hoffman
At 10:48 AM -0400 5/2/08, Frank Hecker wrote: On Fri, May 2, 2008 at 8:08 AM, Eddy Nigg (StartCom Ltd.) [EMAIL PROTECTED] wrote: In comment https://bugzilla.mozilla.org/show_bug.cgi?id=431621#c5 the representative of DigiNotar (Kick) notes that their CA root has been cross-signed by

Re: Entrust CA, Staat der Netherlanden CA, Proposal

2008-05-03 Thread Eddy Nigg (StartCom Ltd.)
Paul Hoffman: There is also a policy question of whether or not Entrust's CPS says what cross-signing means in a way that both we and the auditors can understand. On its face (without having read the documents), I think it sounds pretty shaky to have a CA saying you can trust that other CA to

Re: Microsoft COFEE

2008-05-03 Thread Adam Back
I think the point is Microsoft is storing passwords rather than salted, iterated hashes of passwords, storing EFS symmetric keys in clear text or lightly obfuscated in LSA keys which is not encrypted, just protected by policy tied to the Windows login, and all these insecure things vs say Linux