Import .cer into my .keystore

2008-11-17 Thread kalramadevi03
Hi I am having 2 different keystores. One is having a cert for one particular client which the other is not having. My plan is to export the car from the first available one and import the same into the other which is not having that. For this i am trying the following steps. 1. Export the .cer

Re: how to decrypt with pubkey without pkcs1 padding things

2008-11-17 Thread Robert Relyea
Ken wrote: 2008/11/15 Robert Relyea [EMAIL PROTECTED]: NZzi wrote: Robert Relyea wrote: NZzi wrote: hi all: I want to use private key to encrypt a message, and decrypt with public key. Are you encrypting data or a symmetric Key? Most of the nss code that

Re: NSS DB migration problem

2008-11-17 Thread Robert Relyea
Hans Petter Jansson wrote: This works for some databases, but not others. It doesn't seem to matter which application created the database (I've tried with databases from Firefox and Evolution) - e.g. one user's database may fail while another user's database may migrate properly. When it

Re: MITM in the wild

2008-11-17 Thread Ian G
Eddy Nigg wrote: On 11/12/2008 05:21 PM, Ian G: No it's not. You just need the person, not their identity. LOL, you are funny...and how exactly do you get the person if you don't know who it is that you need? This is what the (verified real) identity details in certificates are here for...

subroots (was WISeKey)

2008-11-17 Thread Ian G
Frank Hecker wrote: We've had some lengthy discussions about the issue of auditing subordinate CAs. I'm not going to rehash all those discussions, I'll just summarize my current thinking: First, the general issue of auditing subordinate CAs was something we didn't think through much when we

Re: MITM in the wild

2008-11-17 Thread Eddy Nigg
On 11/15/2008 05:18 PM, Ian G: Eddy Nigg wrote: On 11/12/2008 05:21 PM, Ian G: Not sure why, but your posting arrived just only now... What is clear is that the name is not really the essence of the process, it is just one part. So if we are claiming the full essence of getting people to

Re: subroots (was WISeKey)

2008-11-17 Thread Eddy Nigg
On 11/15/2008 06:29 PM, Ian G: I agree it is an issue that we should try and clarify, if not nail down. Sounds good! One way to short-circuit this is to simply state that the root CA is responsible for any/all subroots. This is the situation we had until recently, with CAs under their own

Re: WISeKey root inclusion request (re-start public discussion)

2008-11-17 Thread Eddy Nigg
On 11/14/2008 11:12 PM, Frank Hecker: ...in the short term I'm going to try to restart CA public discussions on a regular schedule. Nice to see you back here! First, the general issue of auditing subordinate CAs was something we didn't think through much when we did our Mozilla CA policy: We

Re: WISeKey root inclusion request (re-start public discussion)

2008-11-17 Thread Eddy Nigg
On 11/18/2008 03:54 AM, Eddy Nigg: Frank, I greatly missed the thorough and systematic work of Kathleen in this bug and it's a pity she didn't perform another round of information gathering in case some new evidence was provided. Anyhow, I couldn't find anything new in the bug since the last

How-to guide for email encryption

2008-11-17 Thread Paul Kinzelman
I created a file to help a newbie get email encryption going. It's what I wish I could have found when I was stumbling through the process myself, and with the help of an expert in this newsgroup (many thanks to you, you know who you are :-), I've created a document for others. Feel free to pass

Re: How-to guide for email encryption

2008-11-17 Thread Anders Rundgren
IM[NS]HO, S/MIME encryption using PKI is one of the biggest security farces ever. Even the use-case is often wrong. Somebody representing e-Health once described for a big audience how S/MIME encryption could be used to exchange private medical information between a doctor and a patient. But