Hi all,
I found it here http://www.mozilla.org/projects/security/certs/policy/
thank you very much for all the explanations, especially the one with the
silent upgrade by Jean-Marc.
I still don't understand Mozilla's requirement in case silent upgrade is
not required (furthermore, prohibited by
Eddy Nigg wrote:
Interestingly I /think/ NSS is the only library which really has a
problem with it, to all of my knowledge (and I might be wrong with that)
You might. Openssl (therefore mod_ssl, etc.) also has a problem when it
doesn't match. I think most other library also have a problem
Nelson B Bolyard wrote:
CAs that
make this mistake typically have to abandon and completely replace their
entire PKI (entire tree of issued certificates) when a CA cert expires and
its serial number appears in the AKI of other subordinate certs. More than
once I've seen entire corporate PKIs
On 24/11/2009 10:25, Jean-Marc Desperrier wrote:
Nelson B Bolyard wrote:
CAs that
make this mistake typically have to abandon and completely replace their
entire PKI (entire tree of issued certificates) when a CA cert expires
and
its serial number appears in the AKI of other subordinate certs.
Nelson B Bolyard wrote:
On 2009-11-19 08:24 PST, Daniel Joscak wrote:
I would like to ask for an explanation of mozilla trust cert. store
requirement for adding CA.
Is this a question about Mozilla's policy for adding root CA certificates to
the set of trusted root CA certificates that it
Hi Nelson,
On 20/11/2009 20:57, Nelson B Bolyard wrote:
On 2009-11-19 08:24 PST, Daniel Joscak wrote:
Or is this a question about the behavior of Mozilla's crypto code?
In that case, this is the right list.
I read it is a question as to what goes wrong when it is done, and why
it is that
On 2009-11-21 10:46 PST, Ian G wrote:
Hi Nelson,
On 20/11/2009 20:57, Nelson B Bolyard wrote:
On 2009-11-19 08:24 PST, Daniel Joscak wrote:
Why correct authority key identifier (AKI) can not include both the key
ID and the issuer's issuer name and serial number. We have an authority
that
I would like to ask for an explanation of mozilla trust cert. store
requirement for adding CA. Why correct
authority key identifier (AKI) can not include both the key ID and the
issuer's issuer name and serial number. We have an authority that adds
to its certificates such AKI and till now I
8 matches
Mail list logo