On 04/05/15 21:53, David Woodhouse wrote:
On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote:
Surely that's not unique? Using the above example, surely the first
certificate issued by the 2010 instance of 'My CA', and the first
certificate issued by the 2015 instance, are both going to
On Sun, 3 May 2015, David Woodhouse wrote:
Hello David,
For the case of NSS, I suspect the lack of CKA_SUBJECT shouldn't be a
real problem. I've just started looking at NSS with a view to fixing
it to take PKCS#11 URIs, and it looks like the common way of
specifying a certificate is by its
On Tue, May 5, 2015 8:55 am, David Woodhouse wrote:
I'm talking about the serial numbers of the certs issued *by* the two
My CAs.
Good to have that clarification :)
Different CAs (in as much as different public keys), but with the same
DER-encoded subject name (not necessarily the same
On Tue, 2015-05-05 at 09:47 -0700, Ryan Sleevi wrote:
On Tue, May 5, 2015 8:55 am, David Woodhouse wrote:
I'm talking about the serial numbers of the certs issued *by* the two
My CAs.
Good to have that clarification :)
Different CAs (in as much as different public keys), but with the
On Tue, 2015-05-05 at 12:29 +0100, Alan Braggins wrote:
On 04/05/15 21:53, David Woodhouse wrote:
On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote:
Surely that's not unique? Using the above example, surely the first
certificate issued by the 2010 instance of 'My CA', and the
On 05/05/15 16:55, David Woodhouse wrote:
On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote:
Hm... so if I have two certificates; one with:
CKA_SUBJECT: My CA
CKA_LABEL: My CA (2010 instance)
and the other:
CKA_SUBJECT: My CA
CKA_LABEL: My CA (2015 instance)
Surely that's not
On Fri, 1 May 2015, David Woodhouse wrote:
On Fri, 2015-05-01 at 11:35 +0100, Alan Braggins wrote:
On 30/04/15 17:56, David Woodhouse wrote:
Has anyone looked at implementing RFC7512 support, allowing an object
to be specified by a PKCS#11 URI?
I don't suppose you know why RFC 7512 uses
On 05/03/2015 02:17 AM, David Woodhouse wrote:
On Sat, 2015-05-02 at 18:33 -0700, Jan Pechanec wrote:
On Fri, 1 May 2015, David Woodhouse wrote:
On Fri, 2015-05-01 at 11:35 +0100, Alan Braggins wrote:
On 30/04/15 17:56, David Woodhouse wrote:
Has anyone looked at implementing RFC7512
On Mon, 2015-05-04 at 09:21 -0700, Robert Relyea wrote:
So in NSS, CKA_LABEL is simply a short cut to CKA_SUBJECT. That is NSS
looks up a cert from the nickname and picks all the certs that match
that cert's subject.
Hm... so if I have two certificates; one with:
CKA_SUBJECT: My CA
On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote:
Surely that's not unique? Using the above example, surely the first
certificate issued by the 2010 instance of 'My CA', and the first
certificate issued by the 2015 instance, are both going to have
identical CKA_ISSUER and
On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote:
Surely that's not unique? Using the above example, surely the first
certificate issued by the 2010 instance of 'My CA', and the first
certificate issued by the 2015 instance, are both going to have
identical CKA_ISSUER and
On 30/04/15 17:56, David Woodhouse wrote:
Has anyone looked at implementing RFC7512 support, allowing an object
to be specified by a PKCS#11 URI?
I don't suppose you know why RFC 7512 uses CKA_ID but not CKA_SUBJECT,
when PKCS#11 says The*CKA_ID*attribute is intended as a means of
On Fri, 2015-05-01 at 11:35 +0100, Alan Braggins wrote:
On 30/04/15 17:56, David Woodhouse wrote:
Has anyone looked at implementing RFC7512 support, allowing an object
to be specified by a PKCS#11 URI?
I don't suppose you know why RFC 7512 uses CKA_ID but not CKA_SUBJECT,
when PKCS#11 says
Has anyone looked at implementing RFC7512 support, allowing an object
to be specified by a PKCS#11 URI?
I can now do this with both GnuTLS and OpenSSL, and it would be good
to get NSS fixed too.
I'd also very much like NSS to be able to load the default PKCS#11
tokens listed in the system's
14 matches
Mail list logo