Re: How-to guide for email encryption

2008-11-19 Thread Michael Ströder
Julien R Pierre - Sun Microsystems wrote: My insurance company chose to deploy webmail with an HTTPS interface with a shared-secret login (password) for secure messages between patient and doctors. As a result, I cannot (easily) archive the messages I receive and send locally. I have to login

Re: How-to guide for email encryption

2008-11-19 Thread Michael Ströder
Julien R Pierre - Sun Microsystems wrote: Michael, Michael Ströder wrote: Anders Rundgren wrote: IM[NS]HO, S/MIME encryption using PKI is one of the biggest security farces ever. I don't see why. Regarding the guide, I believe that e-mail encryption would be fairly common if it had been

Re: How-to guide for email encryption

2008-11-19 Thread Michael Ströder
Paul Kinzelman wrote: Wow, I guess I really opened a can of worms. Interesting discussion, but like somebody said, it's really off the original topic I posted. You should have a look at the ietf-pkix mailing list archive to a get a feeling about more cans of worms. ;-) I'm just glad to

Re: Firefox' password manager with sqlite based NSS

2008-11-19 Thread Wolfgang Rosenauer
Wolfgang Rosenauer schrieb: Are you trying to use NSS_InitWithMerge to create a new cert9.DB where none existed before? Yes. NSS_InitWithMerge is used regardless of an existing cert9.db (and even cert8.db). The conversion function uses pretty much what is on

Re: Firefox' password manager with sqlite based NSS

2008-11-19 Thread Nelson Bolyard
Wolfgang Rosenauer wrote: Wolfgang Rosenauer schrieb: Are you trying to use NSS_InitWithMerge to create a new cert9.DB where none existed before? Yes. NSS_InitWithMerge is used regardless of an existing cert9.db (and even cert8.db). The conversion function uses pretty much what is on

SV: Slamming S/MIME. Re: How-to guide for email encryption

2008-11-19 Thread Peter Lind Damkjær
Graham Leggett wrote: What is content checking and what does it have to do with security? FYI In Denmark a nationwide PKI has been deployed in the last couple of years. Very soon after the start we realized that content scanning and S/MIME was clashing in a number of organisations. We (the

Re: WISeKey root inclusion request (re-start public discussion)

2008-11-19 Thread Michael Ströder
Eddy Nigg wrote: The Wisekey case could be where we might draw the line. Provided that - there is a *good compelling reason* for using sub-ordinate certificates in first place, limited to the domains under the control of the owner (via name-constraints) and with reasonable controls in place

Re: Slamming S/MIME. Re: How-to guide for email encryption

2008-11-19 Thread Anders Rundgren
Guys, Let's return to this topic in 5 years or so and see if S/MIME actually has gotten any further with respect to uptake. You and me obviously have the opposite position on this one. Sort of Yes we can versus No, you can't to paraphrase a recent moment in world history :-) They say that

Re: Slamming S/MIME. Re: How-to guide for email encryption

2008-11-19 Thread Eddy Nigg
On 11/19/2008 05:52 PM, Anders Rundgren: In the meantime, wouldn't it be of some value if Mozilla tried to satisfy a PKI- related activity that in number of users, already is much bigger than S/MIME, i.e. the concept of Web Signing? What is this supposed to be? Perhaps I missed it? --

Re: Slamming S/MIME. Re: How-to guide for email encryption

2008-11-19 Thread Ian G
Anders Rundgren wrote: Guys, Let's return to this topic in 5 years or so and see if S/MIME actually has gotten any further with respect to uptake. You and me obviously have the opposite position on this one. Sort of Yes we can versus No, you can't to paraphrase a recent moment in world

Web Signing. Re: Slamming S/MIME. Re: How-to guide for email encryption

2008-11-19 Thread Anders Rundgren
Collective posting to save list-space. Aka green posting :-) Eddy Nigg wrote: i.e. the concept of Web Signing? What is this supposed to be? Perhaps I missed it? Ian G wrote: What is Web Signing? And, what are the requirements? As I wrote in my previous Slamming S/MIME posting, maybe some

Web signing?

2008-11-19 Thread Nelson Bolyard
Eddy Nigg wrote: On 11/19/2008 05:52 PM, Anders Rundgren: In the meantime, wouldn't it be of some value if Mozilla tried to satisfy a PKI- related activity that in number of users, already is much bigger than S/MIME, i.e. the concept of Web Signing? What is this supposed to be? Perhaps I

Re: subroots (was WISeKey)

2008-11-19 Thread Eddy Nigg
On 11/19/2008 03:56 AM, Ian G: Yes, and at a technical level I don't see an issue. At a legal/liabilities level I see an open question: who is taking on the liability, how is it shared, etc. ...and I might add, how are the basic requirements of the Mozilla CA Policy governed... I also

Re: How to use SECMOD_LoadUserModule and SECMOD_UnloadUserModule

2008-11-19 Thread Robert Relyea
Wan-Teh Chang wrote: The SECMOD_LoadUserModule and SECMOD_UnloadUserModule functions were added in https://bugzilla.mozilla.org/show_bug.cgi?id=132461, but no NSS utilities or test programs use these functions, so the only sample code for these functions that I can find is PSM. PSM uses these

Re: NSS DB migration problem

2008-11-19 Thread Hans Petter Jansson
On Sat, 2008-11-15 at 19:06 -0800, Nelson B Bolyard wrote: Hans Petter Jansson wrote, On 2008-11-15 17:57: It's on separate workstations, but in some cases one database migrates successfully while another fails on the same system. Is is possible that more than one version of the NSS