Re: revocation of roots

2008-10-24 Thread Julien R Pierre - Sun Microsystems
Ian, Ian G wrote: Also, add the caveat that this guesstimate only applies to Mozilla products, and not these: - software that uses NSS but isn't a product of Mozilla - other libraries They have to sort themselves out. Whether we can do much about the other vendors is an open question. From

Re: storing custom public key / private key pair securely in Firefox

2008-10-24 Thread [EMAIL PROTECTED]
Hi, Thanks for your responses. So it seems like I want to create X.509 certificates from my keys and add them to the PKCS 11 data store in Firefox. I want my certificates to be protected by a password to access them, so does this mean they require their own slot? And if so, how do I create a new

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-24 Thread Eddy Nigg
On 10/24/2008 05:34 PM, Frank Hecker: Eddy Nigg wrote: I'd like to pick this discussion up once again and evaluate what the goals of Mozilla and the Mozilla CA policy really are. Certainly the above is not the defined goal, but rather provide some reasonable assurance about the CAs included in N

Re: revocation of roots

2008-10-24 Thread Paul Hoffman
At 9:42 AM -0700 10/24/08, Robert Relyea wrote: >Paul Hoffman wrote: >>Robert: you are already in that business by distributing trust anchors that >>you have (sometimes) vetted. You are a CA without signing anything, just by >>distributing a trust anchor repository. >> >Yes, but by doing so we a

Re: revocation of roots

2008-10-24 Thread Eddy Nigg
On 10/24/2008 05:07 PM, Paul Hoffman: Robert: you are already in that business by distributing trust anchors that you have (sometimes) vetted. You are a CA without signing anything, just by distributing a trust anchor repository. Kind of... Mozilla doesn't certify really anything, but exten

Re: revocation of roots

2008-10-24 Thread Frank Hecker
Frank Hecker wrote: So personally I'd consider a 5-day timeframe reasonable, and based on past conversations with people doing update releases, I think it might be pushed down as low as 3 days. I should clarify that this timeframe doesn't include any CA-related time prior to the Mozilla proj

Re: revocation of roots

2008-10-24 Thread Frank Hecker
Ian G wrote: OK, could we speculate that Mozo apps also could turn out a security update for their products in ... say 2 business days? Or, what number? And then, we could suggest that the whole process is likely to take a week (5 business days)? The Firefox team has done security updates wit

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-24 Thread Frank Hecker
Eddy Nigg wrote: I'd like to pick this discussion up once again and evaluate what the goals of Mozilla and the Mozilla CA policy really are. Certainly the above is not the defined goal, but rather provide some reasonable assurance about the CAs included in NSS and Mozilla products and allow us

Re: revocation of roots

2008-10-24 Thread Robert Relyea
Paul Hoffman wrote: At 3:25 PM +0200 10/24/08, Ian G wrote: Robert Relyea wrote: The problem with this idea is that mozilla probably does not want to be in the CA business. The overhead of creating a mozilla root key in a safe and secure manner is quite involved (and more than doing a k

Re: revocation of roots

2008-10-24 Thread Paul Hoffman
At 3:25 PM +0200 10/24/08, Ian G wrote: >Robert Relyea wrote: > > The problem with this idea is that mozilla probably does not want to be >> in the CA business. The overhead of creating a mozilla root key in a >> safe and secure manner is quite involved (and more than doing a key gen > > on a smart

Re: revocation of roots

2008-10-24 Thread Ian G
Kyle Hamilton wrote: > RFC3280 has been obsoleted by RFC5280. Aside from that, though... > > ...did the people who created PKIX just not realize that if a non-root > certificate needs the ability to be revoked, a root certificate would > also? Hi Kyle, Of course it was realised, but what they

Re: revocation of roots

2008-10-24 Thread Ian G
Robert Relyea wrote: >>> >>> Can we eliminate the whole CA notion by just using a single sig over >>> the list from a "root" ... and just deliver signed updates? > We could use PKIX to authorize the roots by setting up a mozilla root, > then cross signing each of the approved roots. In that case m

Re: revocation of roots

2008-10-24 Thread Ian G
Julien R Pierre - Sun Microsystems wrote: > Eddy, > > Eddy Nigg wrote: >> On 10/23/2008 12:34 AM, Julien R Pierre - Sun Microsystems: >>>... However reality shows that it takes quite some time until >> a new version of NSS seeps to the application level, including with >> Mozilla's own products (w