? Current + ten years? (I guess not, but what does
it really mean?)
I understood your explanation on your use of internal databases and
third party sources. Your answers satisfy my questions in that respect.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
mission and intend to make fully use of the
opportunity offered to me by Mozilla.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
Frank Hecker:
Don't have time for a long response, but I do have one comment below.
Eddy Nigg (StartCom Ltd.) wrote:
One can purchase a popular or less popular domain name, request a
certificate for N years, let the domain name expire after one year, wait
to have it picked up
auditors and they have never raised it as a matter of concern.
I think this answer satisfies my question.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
/the_new_face_of_phishing_1.html
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech
tomorrow back to the list.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev
/generateCRMFRequest for more
information). Depending on that, the issued certificate can then be
supplied to the browser which has a matching private key.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog
.
[2] Success also brings with it greater responsibilities, which is
specially true for this industry.
[3] I'd be glad to gather all the points raised and summarize and
formulate them for this task if this is of any help.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
earlier today. He hopes to be able to reply to at
least some of your questions today.
Great, looking forward to that. Thanks!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
Oh, and it that respect I have another interesting question. Supposed a
CA issues EV certificates (audited and conforming to the relevant
criteria in every respect) but their other CA business (meaning non-EV)
would fail to conform
bit instead.
Frank
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
. CAs aren't really comparable
to car vendors, but rather to the authority approving the car for public
consumption and/or issuing the licenses in order to drive the car. Just
think about it... ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
to the exact reference in the CPS since
I most likely missed it.
(Please note that Code Signing serves as an example and may apply to
other types of certificates as well according to the CPS).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL
software (as stated in the policy). It's my argument, it's my
knowledge I'm offering you, it's my experience I share with you - judge
for yourself...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join
such as identity validation.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev
). That
statement strikes me as unexceptional
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
This particular part DOES bother you, because wild card certificates
aren't controllable in the same way as regular ones. A seemingly
innocent domain name can become a tool for phishing. For example
*.domain.com matches paypal.domain.com
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
3.) Here a few questions in relation to the LiteSSL CPS:
snip
* 4.1 states that the enrollment process MAY include check for
domain ownership. This means that the checks can be omitted?
I think this is another case
.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing
Eddy Nigg (StartCom Ltd.):
4.) Frank, this one is for you:
Since most (if not all) CA root certificates of Comodo were inherited
from the Netscape era and never were properly evaluated by an inclusion
process and in light of the questions above, isn't a thorough review of
this CA in place
to the Comodo CPS v3. Please comment!
Thanks for addressing my questions!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
identity validated may be
intended for fraudulent use. Section 4 explicitly states also that the
list above is not limited! Domain name validated wild card certificates
can be a risk to users security.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
Nelson Bolyard:
Eddy Nigg (StartCom Ltd.) wrote, On 2008-03-15 13:27 PDT:
3.) Here a few questions in relation to the LiteSSL CPS:
* 1.12 states: Because LiteSSL and LiteSSL Wildcard certificates
are not intended to be used in an e-commerce transaction or
environment
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
I working up my backlogat first I thought this to be a good idea to
split the request up, but on the other hand I wonder if it's really that
good. Because we might see all requests in their context maybe...not sure.
For some
to your CA
operations can be directed directly to you at this list?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
, suggestions?
Anyway, haven't looked at their requests into some more detail and
intend to do that until the weekend.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
to the other Comodo roots.
Sorry Frank, but I can't figure which root *exactly* you are referring
to. If you also know which and how many sub roots are already issued
from this root it would be helpful information.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
subordinate CAs. At present there are
two subordinate CAs under the COMODO Certification Authority root:
COMODO EV SSL CA and COMODO EV SGC CA. These two subordinates are
the issuing CAs for end entity certs.
Exactly what I meant, thanks!
--
Regards
Signer: Eddy Nigg, StartCom Ltd
audit reports the effective
dates are only after the 31st of January 2008...I really wonder how KPMG
and their lawyers confirmed such a thing...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join
guidelines cover most
already. So I usually just review the obvious information if it's an EV
request. Of course this is not true, if the same root issues also non-EV
certificates. So much about me picking on details such as these...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
undergoes for
inclusion at Mozilla. I wouldn't know what to say to somebody
complaining about this one...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
are updated and ready for inclusionyou
see what I mean?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Wowowow, slowly! Nelson, I didn't meant to attack you in any way. I
apologize if this what you understood from my previous post!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution
doesn't have to publish
something like this.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
Perhaps it's just a coincident that a representative of Verisign alarms
a bunch of mailing lists at Mozilla about their CA certificates and a
day later the relevant CAs are updated and ready for inclusionyou
see what I mean
in
question. Actually I expected that we'd tackle this as soon as you would
find some time for it and come to a decision either way. A proposal has
been put on the table by me concerning this (which MS in the meantime
adopted ;-) just kidding...)
--
Regards
Signer: Eddy Nigg, StartCom
Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
Nelson Bolyard wrote:
https://bugzilla.mozilla.org/show_bug.cgi?id=405966
___
Excellent Nelson! The speed and efficiency you are processing these
things is amazing! Both thumbs up!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
? This might be indeed a bug, can you look at this
please? The error code is indeed sec_error_bad_signature
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
and realizes only after upgrade that he should have done so?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
) themselves. Basically one
isn't limited on the amount of certificates one can create (some
restrictions apply). Hope this helps!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
some
basic info about the security devices and their state(s).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
etc. etc.
Anyway, thanks for all the suggestions and help!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
to main identity. Just to get
the feeling about what this is about...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
card was already inserted before accessing a certain page. Is it
possible to obtain a smart card ID or other properties of the smart card
device (as loaded by NSS)?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL
back such information, should you really know about it.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Hi Michael,
Michael Ströder wrote:
Eddy Nigg (StartCom Ltd.) wrote:
The issuing CA of a root certificate is *supposed* to be responsible for
its sub CAs naturally, however as a user of Mozilla software I want to
be *assured*, that this is indeed the case.
There is no way to assure
by Mozilla :-)
...which in return would reinstate your faith in Mozilla and the PKI
trust model.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
also be a requirement for yearly updates.
Yes, it has been suggested before, but who would enforce and control it?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
Eddy Nigg (StartCom Ltd.) wrote:
I guess this time you are wrong :-)
Frank, I'm reading it again and againmaybe you are right :-)
Maybe not...but maybe somebody can tell us what its meant to be,
preferable either the Forum or a CA which has external sub CAs which
issue EV (Verisign
confirming the current status of NSS etc...).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
now. Also EV CAs are
allowed to issue EE certs for up to 23 month (if nothing changed in that
respect since the draft version). But one year is for me the ideal
validity of any EE cert!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL
length of 0, this could
guaranty that only the audited and approved CA is issuing EV
certificates). There are many options possible obviously and I'm just
brainstorming right now.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED
to fiddle with them if
possible...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
smime.p7s
Description: S/MIME
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
snip
... _I'm requesting
hereby and now to have thorough review of this situation and
reassessment_ of the Mozilla CA policy concerning everything related to
sub-ordinated CAs.
This is a good discussion to have, and I agree
,
this is a policy issue.
Is dev-security better or do we need a different channel for it? Policy
issues are handled on this mailing list on a regular basis. And bug
reports are opened accordingly each time... Not sure, but I don't see a
problem here.
--
Regards
Signer: Eddy Nigg
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
snip
... _I'm requesting
hereby and now to have thorough review of this situation and
reassessment_ of the Mozilla CA policy concerning everything related to
sub-ordinated CAs.
This is a good discussion to have, and I agree
is marked as EV, do I understand
that correct?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
with some patents, so even I think it to be outright
ridiculous, how following a URI for fetching a file can be patented.
This is perhaps the greatest shortcoming of NSS up to date.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp
.
If this is the case, we should allow any CA into NSS, most notably a
certain Australian project. The barrier would be a self-audit, as in the
case of the WISeKey subordinate CAs.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL
to it.
Bob, how can I enable this for FF and TB to share the same DB?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
not
sure how.
Oh, I thought one of the stated goals of FF3 is to move to sqlite.
Apparently there was a change in direction at some point?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution
Eddy Nigg (StartCom Ltd.) wrote:
No comment has been added to the bug
https://bugzilla.mozilla.org/show_bug.cgi?id=371362 after a request for
more information was made by me. Is there a way to wake them up somehow?
Just want to make sure, that they are aware that there are some
questions
policy and EV doesn't require it and that's what I wanted to know.
Thanks again Frank for clearing this.
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Except of the Mozilla CA policy suggesting to use intermediate CA
certificates or different roots according to different policies
with the installation (as of now it doesn't
seem to be fixed) please send me details of your server and I help you
with that.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto
we're looking at first.
OK, I could pick the first four or five requests from your list and
start to work on it...or just assign a few bugs to me and I'll go
through them. Whatever you prefer...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
before June 12, 2007).
This is pretty much true of all early EV issuers, and should clear
itself out once the revaluations are completed.
Do you mean before or after? If before, how much before that date?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
me the bug number for reference, thanks!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
by the Korean Ministry of Information and
Communication to be equivalent to the Webtrust (assuming AICPA)
criteria? I can't find any statement in that respect, but perhaps I'm
simply missing it. Thanks!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
What's the time frame for this?
Time frame for what? I plan to work intensively on EV requests this
week, and get as many as I can on the path to approval as soon as I can.
OK
So if you have comments, either general
://www.mozilla.org/foundation/trademarks/policy.html
___
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
how this can be achieved? What tools I needs to get this done etc.?
Are you building Firefox by your own or do you simply want to import a
CA root? Do you (re)package the browser thereafter or is this only for
yourself?
Thanks in advance.
--
Regards
Signer: Eddy Nigg
these issues. I can't prove that either, but it's the impression
I've got.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
users. It must enable secure
email between MUA users and webmail users alike. Mail security has to
work for both MUA users and webmail users or it will fail.
Can you provide some financial backing? I'm serious...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
useful to limit the validity period to
something responsible (not more than one year after which certificates
must be re-validated or re-newed).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join
? Can't they
control that by themselves? Mmmhhh...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Daniel, sorry to be interruptive, but let me clarify this...your system
has (almost) nothing to do with identity validation, signing and
encryption and is all about fighting spam. Am I correct with this
assumption?
Daniel Dreymann wrote:
--
Regards
Signer: Eddy Nigg, StartCom Ltd
as a S/MIME user (and consultant) the Mozilla
developers should focus on improving the UI for certificate and S/MIME
handling instead of implementing such a proprietary mechanism.
Yes, I second that!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
in the definition of EV code signing?
Thank you for raising this issue. We discussed this in the MoFo status
call today; Frank should be in touch.
Still waiting to hear about the outcome of that discussion.
/Nelson
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
for enforcing policies still can be implemented with
certs-issued-on-the-fly with more CPU power (and better proxy software).
Ciao, Michael.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join
Gervase Markham wrote:
Eddy Nigg (StartCom Ltd.) wrote:
I explained it before. Because YOU can't read the subject line
/C=ישראל/ST=דרום/O=סטארטקום בעמ/CN=אדי ניק
It's completely useless to you.
Absolutely. So I would seriously consider not trusting a site with such
a subject
: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Kyle Hamilton wrote:
Two short, practical examples, which are gleaned from reality (though
I am
://www.turktrust.com.tr/e/en52.jsp (Official document declared by
TTA)
This is the same statement from June 2005 which is already at the bug
report.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution
. the Unicode Consortium TR#36's list of confusables.
It's not about confusion or spoofing in relation to domain names, but
about the other content of the certificate.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED
: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Kyle Hamilton wrote:
On Dec 4, 2007 4:20 PM, Nelson B Bolyard [EMAIL PROTECTED] wrote:
Gervase
. But if this
is not convincing, not going to force my view onto anybody ;-)
BTW, there is still a difference between German Umlaute or the Hebrew
Aleph-Betbut something like that would be much harder to define than
just Latin letters.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
verify anything at
all? Or does this subject line say anything to you?
C=ישראל/ST=דרום/L=אילת/O=סטארטקום בעמ/CN=ניק אדי
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev
in the future from the root in the NSS
store, because that's what their CPS says today.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
Gervase Markham wrote:
Eddy Nigg (StartCom Ltd.) wrote:
I think what Jean-Marc (and me previously) meant, is not related to the
domain name or email address but about the other details in the subject
line. Obviously the CN (or emailAddress) field is to be verified
accordingly
but about the other details in the subject
line. Obviously the CN (or emailAddress) field is to be verified
accordingly...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
for inclusion?
Is there somewhere else I should be asking these questions?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
to add some notes for future discussions.
Perhaps this would be the appropriate place for it and of course you can
have a look there what I'm suggesting as well. Once there is agreement
on something it can be moved to the front page...what do you think?
--
Regards
Signer: Eddy Nigg
Upon request I tried to add the Third Version of TURKTRUST-CPS (email
verification revised) in PDF format, however it exceeds 300Kb :S
What kind of limit is that? Anyway, will send it directly to whomever
requests it...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
knowing Turkish ;-)
(I also intend to reply to posting made by Mert ÖZARAR a.s.a.p)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
101 - 200 of 274 matches
Mail list logo