Robert Relyea a écrit :
On 01/04/2012 05:56 PM, Brian Smith wrote:
> Robert Relyea wrote:
>> On 01/04/2012 04:18 PM, Brian Smith wrote:
>> In the cases where you fetch the intermediates, the old code will not
>> work!
[...] I'm talking about
fetching intermediates themselves because they
Ashok Subash wrote:
> We'll go with your suggestion of using NSS after size reduction for
> this project for our security requirements. But right now we cannot
> upgrade to latest firefox due to the current schedule and resources
> we have for this project. We will follow the guidelines listed in
>
Jean-Marc Desperrier wrote:
> Brian Smith a écrit :
> > 3. libpkix can enforce certificate policies (e.g. requiring EV
> > policy OIDs). Can the non-libpkix validation?
>
> EV policy have been defined in a way that means they could be
> supported by a code that handles an extremely tiny part of al
Hi Brian,
We'll go with your suggestion of using NSS after size reduction for
this project for our security requirements. But right now we cannot
upgrade to latest firefox due to the current schedule and resources we
have for this project. We will follow the guidelines listed in the
611781 as well
> On 01/04/2012 03:51 PM, Brian Smith wrote:
> > Ryan Sleevi wrote:
> >> IIRC, libpkix is an RFC 3280 and RFC 4158 conforming implementation,
> >> while non-libpkix is not. That isn't to say the primitives don't exist
> >> -
> >> they do, and libpkix uses them - but that the non-libpkix path doesn
On 2012-01-05 02:45, Robert Relyea wrote:
>> I am curious as to how smartcard management is supposed to work for Linux.
>> It seems to me that it would be ideal for Firefox to support the shared DB
>> on Linux. Are there OS-level tools for managing the shared DB.
>> For example, is there an OS-le
(resending from the correct address)
> On 01/04/2012 03:51 PM, Brian Smith wrote:
> > Ryan Sleevi wrote:
> >> IIRC, libpkix is an RFC 3280 and RFC 4158 conforming implementation,
> >> while non-libpkix is not. That isn't to say the primitives don't exist
> >> -
> >> they do, and libpkix uses them
> Brian Smith a écrit :
> > 3. libpkix can enforce certificate policies (e.g. requiring EV policy
> > OIDs). Can the non-libpkix validation?
>
> EV policy have been defined in a way that means they could be supported
> by a code that handles an extremely tiny part of all what's possible
> with
Brian Smith a écrit :
3. libpkix can enforce certificate policies (e.g. requiring EV policy
OIDs). Can the non-libpkix validation?
EV policy have been defined in a way that means they could be supported
by a code that handles an extremely tiny part of all what's possible
with RFC5280 certific
Robert Relyea a écrit :
7. libpkix can actually fetch CRL's on the fly. The old code can only
use CRL's that have been manually downloaded. We have hacks in PSM to
periodically load CRL's, which work for certain enterprises, but not
with the internet.
PSM's periodic CRL download's certainly qui
On 01/04/2012 05:56 PM, Brian Smith wrote:
> Robert Relyea wrote:
>> On 01/04/2012 04:18 PM, Brian Smith wrote:
>> Are you actually fetching intermediates?
>>
>> In the cases where you fetch the intermediates, the old code will not
>> work! We don't fetch the intermediate if we already have it, or
11 matches
Mail list logo