Re: Support for SSL False Start in Firefox

2010-10-06 Thread Kurt Seifried
-- stephen.shankl...@cbs.com http://news.cnet.com/deep-tech Twitter/Skype: stshank -- Kurt Seifried k...@seifried.org tel: 1-703-879-3176 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Support for SSL False Start in Firefox

2010-10-05 Thread Kurt Seifried
to maintain). So he's only off by a factor of 50 or so. Signer: Eddy Nigg, StartCom Ltd.

Re: Permanently store this exception selected by default

2010-06-06 Thread Kurt Seifried
Sorry to reply out of order. That way they'll get a warning each time, and more likely to go bug their service provider to keep their certs up to date. Tse Chin Even as a technical user I have a hard time finding out whom to contact at a site and how to convince them to get a properly signed

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Kurt Seifried
When I hit reply the mozilla groups bounces my email, so replying off list. m...@mattmccutchen.net wrote: I'm not claiming that the user knows. I only said that if there is in fact no impersonation, then the error is a false positive. If you're going to redefine what a false positive is then

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Kurt Seifried
Wow, now that is over the top! How incredibly obnoxious. So the view of mozilla.org is that their users are incompetent fools. I wonder why you care about security for these 'idiots'? Not everyone on this list speaks on behalf of Mozilla.org (I certainly don't) and even within Mozilla.org I'm

Re: Certificate Patrol error (or malformed ssl certificate?)

2010-04-11 Thread Kurt Seifried
Kurt,  I suggest you try posting this again, without the image, but WITH the certificate that caused Certificate Patrol to complain.  As it is, there's no information in this posting with which anyone can help you. That would be the PEM file I placed in the directory.

Certificate Patrol error (or malformed ssl certificate?)

2010-04-10 Thread Kurt Seifried
So I logged in to a bank today and Certificate Patrol threw up a warning I haven't seen before (see attached image). What is wrong with this you ask? Look at the dates on the certificates. When is 204/19/2010 exactly? So I downloaded the certificate and ran it through openssl, the text output

Re: Domain-validated name-constrained CA certificates?

2010-04-06 Thread Kurt Seifried
This is not an issue.  The name constraint makes it impossible for a domain registrant to issue a certificate that validates for a server name outside that domain.  Hence, anything bad I do with my intermediate certificate could only hurt me as registrant of mattmccutchen.net. What about

Re: Improper SSL certificate issuing by CAs

2010-04-01 Thread Kurt Seifried
Is this another 1st of April joke? At least your timing is a bit questionable ;-) No this is not an April fools joke. The PDF at Linux Magazine is what will be in the print copy (due out in 3 weeks I believe). The reality is you can trivially buy SSL certificates for websites you don't control,

Re: Another protection layer for the current trust model

2010-02-22 Thread Kurt Seifried
This does not mean that the certificate verification mechanics are at fault; it only means that CA selection protocol has not been thought out properly: it limped along with a handful of CAs, it is showing the serious symptoms of the malaise with hundreds. In the meantime, does anybody