Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-14 Thread Michael Ströder
Ian G wrote: On 9/1/09 13:02, Michael Ströder wrote: Fost1954 wrote: I do not want to be offending, but a simple I think so-answer does not satisfy most of the Firefox-Thawte Users,... I also do not want to be offending but if you're asking questions like this you have to be prepared to

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-12 Thread Fost1954
Thank you, excellent discussion and conclusion we arrived at. I understand the general consensus is that the statement about unnotified key transmission to Thawte is correct, saying: I know of no way, rather than there is no way. (As Nelson Bolyard wrote). We are all aware that there is no 100%

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-09 Thread Michael Ströder
Fost1954 wrote: Bob wrote: So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified: Sorry, Bob, but it becomes too technical for my knowledge, I do not know what crmf is, nor do I know what tokens etc. are, so speaking

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-09 Thread Ian G
On 9/1/09 13:02, Michael Ströder wrote: Fost1954 wrote: Bob wrote: So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified: Sorry, Bob, but it becomes too technical for my knowledge, I do not know what crmf is, nor do I know

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-09 Thread Kyle Hamilton
CRMF is the mechanism by which a CA can request escrow. It is the ONLY mechanism by which a CA can request escrow. Even when CRMF is not disabled, there is always a dialog that comes up when a CA requests escrow. This has been answered several times in this thread. -Kyle H 2009/1/8 Fost1954

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-09 Thread Nelson B Bolyard
Fost1954 wrote, On 2009-01-08 14:39: Could you or any Firefox developer/programmer answer to my question (see below): 1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Brand's idea that running Firefox in Safe Mode when generating the key as well as

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-08 Thread Fost1954
Bob wrote: So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified: Sorry, Bob, but it becomes too technical for my knowledge, I do not know what crmf is, nor do I know what tokens etc. are, so speaking honestly: I do not

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-06 Thread Robert Relyea
Eddy Nigg wrote: On 12/27/2008 12:44 AM, Subrata Mazumdar: A related question: Is it possible to configure the NSS Soft-Token associated with the internal slot like smart-card based token so that the private key key cannot be exported out of the token? If not, would it be useful feature to

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-05 Thread Fost1954
Is there anybody to answer my/Kaspar Brand's statement below, so as to get a final clarification? 1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Brand's idea that running Firefox in Safe Mode when generating the key as well as requesting the Certificate

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-03 Thread Kaspar Brand
Daniel Veditz wrote: user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess"); That may work now, but capability control for individual DOM properties is gone in Firefox 3.1 betas for performance reasons. Dan, it's not a DOM property but a method of the Crypto object

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2009-01-01 Thread Fost1954
First: A successful, healthy and happy new Year! 1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Brand's idea that running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-31 Thread Daniel Veditz
Kaspar Brand wrote: Michael Ströder wrote: I'd love to have an option to forbid CRMFRequest calls... Not too difficult to achieve, actually. Just add this line to your prefs.js: user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess"); That may work now, but capability

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-30 Thread Kaspar Brand
Fost1954 wrote: 1. Can I spread the message into the world that Running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified private key transmission ? I think so. Note that Thawte still uses the keygen tag, so

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-29 Thread Fost1954
2008/12/29 Kaspar Brand m...@velox.ch Nelson B Bolyard wrote: Fost1954 wrote, On 2008-12-27 06:54: My personal question: Is this warning dialog really ALWAYS the case ? I think the question is: is there any way for a web site to suppress that dialog? [...] But it's relatively easy to

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-28 Thread Nelson B Bolyard
Kaspar Brand wrote, On 2008-12-27 03:21: Michael Ströder wrote: I personally don't know whether the current Mozilla implementation of crypto.generateCRMFRequest includes the private key of an encryption cert. Only if you tell it do so, and only if it's a key-exchange-only key. [1]

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-28 Thread Nelson B Bolyard
Fost1954 wrote, On 2008-12-27 06:54: *_With other words (adapted from N. Bolyard):_* b) Is there any way for a Firefox user to detect that his CA has requested [the] private key [to be transmitted]? _Possible Answer by Kaspar Brand:_ ...an Encryption Key Copy warning dialog will be

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-28 Thread Eddy Nigg
On 12/28/2008 12:50 PM, Nelson B Bolyard: I also think we need a page or two on developer.mozilla.org that fully documents both the keygen tag and the crypto.generateCRMFRequest method. The existing documentation is very incomplete. The keygen tag, for example, accepts many more arguments than

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-28 Thread Michael Ströder
Nelson B Bolyard wrote: I also think we need a page or two on developer.mozilla.org that fully documents both the keygen tag and the crypto.generateCRMFRequest method. +1 The existing documentation is very incomplete. The keygen tag, for example, accepts many more arguments than are now

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-28 Thread Fost1954
2008/12/28 Nelson B Bolyard nel...@bolyard.me I think the question is: is there any way for a web site to suppress that [private key transmission warning-] dialog? Yes: this should be the point. Having the certainty, that a warning dialog cannot be suppressed when a private key is to be

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-28 Thread Nelson B Bolyard
Michael Ströder wrote, On 2008-12-28 04:38 PST: Nelson B Bolyard wrote: I also think we need a page or two on developer.mozilla.org that fully documents both the keygen tag and the crypto.generateCRMFRequest method. +1 The existing documentation is very incomplete. The keygen tag, for

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-27 Thread Kaspar Brand
Michael Ströder wrote: I'd love to have an option to forbid CRMFRequest calls... Not too difficult to achieve, actually. Just add this line to your prefs.js: user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess"); I personally don't know whether the current Mozilla

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-27 Thread Michael Ströder
Kaspar Brand wrote: Michael Ströder wrote: I'd love to have an option to forbid CRMFRequest calls... Not too difficult to achieve, actually. Just add this line to your prefs.js: user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess"); I personally don't know whether

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-27 Thread Fost1954
Thank you: […] Unfortunately Thawte's enrollment interface does not work without Javascript. […]Thawte could silently change the behaviour of the cert enrollment web interface. […] to be 100% sure [the private key is not transferred] you have to check that every time you go through this process.

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-25 Thread Michael Ströder
Eddy Nigg wrote: I think Thawte uses the keygen tag as well. This is a signed public key and challenge (SPKAC). I also thought so. But there is some Javascript and the HTML looks like this: <select name=spkac challenge=tURRaHXxYBDwCk58><option>2048 (High Grade)</option><option>1024 (Medium

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-25 Thread Kyle Hamilton
among other things, because keygen is not a standardized mechanism. -Kyle H On Thu, Dec 25, 2008 at 4:10 AM, Michael Ströder mich...@stroeder.com wrote: Eddy Nigg wrote: I think Thawte uses the keygen tag as well. This is a signed public key and challenge (SPKAC). I also thought so. But

Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-25 Thread xbcvb cvbcvbvcb
Dear Firefox Developers, I understand that this should be the right place to ask: Using Firefox we would like to generate Thawte X.509 E-Mail Certificates. When generating the Private/Public key pair using Firefox as well as requesting the certificate, we are logged in on the Thawte Website.

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-25 Thread Michael Ströder
xbcvb cvbcvbvcb wrote: Using Firefox we would like to generate Thawte X.509 E-Mail Certificates. When generating the Private/Public key pair using Firefox as well as requesting the certificate, we are logged in on the Thawte Website. *Our security relevant question:* Which data is

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-25 Thread Nelson B Bolyard
Kyle Hamilton wrote, On 2008-12-25 12:15: among other things, because keygen is not a standardized mechanism. True, but neither is crypto.generateCRMFRequest. There is no standardized HTML or JavaScript feature for this purpose.

Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-24 Thread Fost1954
Dear Firefox Developers, I understand that this should be the right place to ask: Using Firefox we would like to generate Thawte X.509 E-Mail Certificates. When generating the Private/Public key pair using Firefox as well as requesting the certificate, we are logged in on the Thawte Website.

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-24 Thread Kyle Hamilton
Firefox does not send any private key. http://en.wikipedia.org/wiki/Certificate_signing_request provides a very good overview of what it does. 2008/12/24 Fost1954 fost19...@googlemail.com: Dear Firefox Developers, I understand that this should be the right place to ask: Using Firefox we

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-24 Thread Nelson B Bolyard
Kyle Hamilton wrote, On 2008-12-24 13:49: Firefox does not send any private key. http://en.wikipedia.org/wiki/Certificate_signing_request provides a very good overview of what it does. The answer is not that simple. The cited wiki page explains PKCS#10 Certificate Signing Requests (CSRs).

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008-12-24 Thread Eddy Nigg
On 12/25/2008 12:40 AM, Nelson B Bolyard: The answer is not that simple. The cited wiki page explains PKCS#10 Certificate Signing Requests (CSRs). CSRs are ONE way in which certificates can be requested from a CA after generating a key pair, but they are not the only way. IIRC, FF implements