--
stephen.shankl...@cbs.com
http://news.cnet.com/deep-tech
Twitter/Skype: stshank
--
Kurt Seifried
k...@seifried.org
tel: 1-703-879-3176
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
to
maintain). So he's only off by a factor of 50 or so.
Signer: Eddy Nigg, StartCom Ltd.
--
Kurt Seifried
k...@seifried.org
tel: 1-703-879-3176
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Sorry to reply out of order
That way they'll get a warning each time, and more likely to go bug
their service provider to keep their certs up to date.
Tse Chin
Even as a technical user I have a hard time finding out whom to
contact at a site and how to convince them to get a properly signed
When I hit reply the mozilla groups bounces my email, so replying off list.
m...@mattmccutchen.net wrote:
I'm not claiming that the user knows. I only said that if there is in
fact no impersonation, then the error is a false positive.
If you're going to redefine what a false positive is than
Wow, now that is over the top! How incredibly obnoxious. So the view of
mozilla.org is that their users are incompetent fools. I wonder why you care
about security for these 'idiots'?
Not everyone on this list speaks on behalf of Mozilla.org (I
certainly don't) and even within Mozilla.org I'm
Kurt, I suggest you try posting this again, without the image, but WITH
the certificate that caused Certificate Patrol to complain. As it is,
there's no information in this posting with which anyone can help you.
That would be the PEM file I placed in the directory.
So I logged in to a bank today and Certificate Patrol threw up a
warning I haven't seen before (see attached image).
What is wrong with this you ask? Look at the dates on the
certificates. When is 204/19/2010 exactly?
So I downloaded the certificate and ran it through openssl, the text
output
This is not an issue. The name constraint makes it impossible for a
domain registrant to issue a certificate that validates for a server
name outside that domain. Hence, anything bad I do with my
intermediate certificate could only hurt me as registrant of
mattmccutchen.net.
What about
Is this another 1st of April joke? At least your timing is a bit
questionable ;-)
No this is not an April fools joke. The PDF at Linux Magazine is what
will be in the print copy (due out in 3 weeks I believe). The reality
is you can trivially buy SSL certificates for websites you don't
control,
This does not mean that the certificate verification mechanics are at
fault;
it only means that CA selection protocol has not been thought out properly:
it limped along with a handful of CAs, it is showing the serious symptoms
of the malaise with hundreds. In the meantime, does anybody
10 matches
Mail list logo