hi all,
i am having some problem with bn_mul_add_words, my gprof profiling shows it
is very cpu intensive. can we optimize it for the windows version.
below is my gprof call graph.
index % timeself childrencalled name
spontaneous
[1]
Collective answer to Jean-Marc and Michael.
Green messaging :-)
Before going too deep into this you should be aware of the
fact that Microsoft's recently introduced Information Card
scheme also when using a local X.509 certificate to authenticate
to the IdP does not specify TLS-client-cert-auth
On Thu, Aug 28, 2008 at 11:59 PM, Anders Rundgren
[EMAIL PROTECTED] wrote:
Collective answer to Jean-Marc and Michael.
Green messaging :-)
Before going too deep into this you should be aware of the
fact that Microsoft's recently introduced Information Card
scheme also when using a local
It appears that the word branding in a PKI GUI sent
some bad vibes around but it is really about switching from
unintelligible textual data such as
CN=John Smith, serialNumber=554544
to a card metaphor like you already use in the physical world;
not about annoying the user with Vista-like
Hi all,
I am developing a JavaScript-based Firefox add-on which could make use
of cryptography primitives like encrypting/decrypting short strings
with RSA/AES.
A pure JS implementation of those algorithms is way to slow. I have
come across the NSS library which seems to be part of the default
Anders Rundgren wrote:
It appears that the word branding in a PKI GUI sent
some bad vibes around but it is really about switching from
unintelligible textual data such as
CN=John Smith, serialNumber=554544
to a card metaphor like you already use in the physical world;
not about annoying
Michael Ströder wrote:
But I'm strictly against any service-specific branding in the GUI of a
PKI client. It should always look the same no matter which service is
accessed
Agreed.
Sure the UI for choosing the client cert could be improved, e.g. just by
displaying more informational attributes
Kyle Hamilton wrote:
http://www.darwinports.com/ -- the version they claim is 3.11.9.
They actually download, build and install the real thing, but they make
some changes.
Here are their makefile changes:
Wan-Teh Chang wrote:
n/NSS_reference/Building_and_installing_NSS
For Mac OS X, copy all the *.dylib and *.chk files from
mozilla/dist/Darwin...OBJ/lib to the installation directory.
Then copy the command-line tools you want from
mozilla/dist/Darwin...OBJ/bin to the installation directory.
Anders Rundgren wrote:
Michael Ströder wrote:
Sure the UI for choosing the client cert could be improved, e.g. just by
displaying more informational attributes from the cert and the PKI
properly filling this attributes.
Essentially you are saying that Information Cards is bad idea.
I
Anders Rundgren wrote:
it matches poorly with web sessions including logout
Why should it match application sessions? Because the web application
developers are too dumb to get the session handling right for
themselves? Because the logout does not behave like they are
used with passwords?
OK, so now I'm really confused. I've done some testing and I am getting
predictable but very confusing results.
I've figured out when the extra thawte cert shows up in my DB and screws
things up.
Note this is all with NSS 3.12
I built NSS 3.12 opt.
Then I put the dylibs and the bin for
Dominik schrieb:
I am developing a JavaScript-based Firefox add-on which could make use
of cryptography primitives like encrypting/decrypting short strings
with RSA/AES.
A pure JS implementation of those algorithms is way to slow. I have
come across the NSS library which seems to be part of the
Kai Engert wrote:
However, you might want to ping the Mozilla labs people who work on the
Weave project, I think they have faced similar challenges. Maybe you can
look at their code to get ideas.
That would be: http://hg.mozilla.org/labs/weave/file/53e25c0c7e2e/src/
It's not a
Michael Ströder [EMAIL PROTECTED] wrote
I fail to see how this could be improved by new shiny XML-based protocol
but cannot be improved with the existing protocols (like TLS).
Because the people that works with new shiny XML-based
security protocols are often more interested in interoperability
Anders Rundgren wrote:
Michael Ströder [EMAIL PROTECTED] wrote
I fail to see how this could be improved by new shiny XML-based protocol
but cannot be improved with the existing protocols (like TLS).
Because the people that works with new shiny XML-based
security protocols are often more
On Fri, Aug 29, 2008 at 7:31 AM, Michael Kaply [EMAIL PROTECTED] wrote:
Wan-Teh Chang wrote:
n/NSS_reference/Building_and_installing_NSS
For Mac OS X, copy all the *.dylib and *.chk files from
mozilla/dist/Darwin...OBJ/lib to the installation directory.
Then copy the command-line tools you
This is probably due to the fact that these efforts are not based on what
the US government needs but what the Internet community needs.
I fail to see who exactly the Internet community is. Maybe that's the
reason I don't understand the problem.
I don't claim to be the definer of this term so
Samrat,
Where are you pulling those symbols from ?
They are not part of NSS .
samrat saha wrote:
hi all,
i am having some problem with bn_mul_add_words, my gprof profiling shows
it is very cpu intensive. can we optimize it for the windows version.
below is my gprof call graph.
index %
Some more test info.
I put everything (dylibs, executables) into usr/local/bin
certutil works
pk12util works (although I get the extra thawte that we talked about
earlier)
signtool fails with:
signtool: function failed: Failure to load dynamic library.
Unknown error: -2804
if I move
Michael,
Michael Kaply wrote:
Some more test info.
I put everything (dylibs, executables) into usr/local/bin
certutil works
pk12util works (although I get the extra thawte that we talked about
earlier)
signtool fails with:
signtool: function failed: Failure to load dynamic
Julien R Pierre - Sun Microsystems wrote, On 2008-08-29 14:47:
Samrat,
Where are you pulling those symbols from ?
They are not part of NSS .
Julien and Samrat:
The bn_ symbols shown below are from OpenSSL's bignum library
(bn = bignum). This newsgroup/mailing list is not the right place
I'm porting a C++ app from OpenSSL/libcrypto to NSS. My app uses
libcrypto to verify and decode a PKCS7 blob (signed by a cert issued
my own self-signed root cert). With libcrypto, this is quite
straightforward. With NSS, however, I'm having trouble verifying the
PKCS7.
CERT_ImportCerts() and
23 matches
Mail list logo