Idea for SoC-Project implementing PSS in NSS

://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/5d2faba3e71f2bb5/6bdca2a80a17d18a?lnk=gstq=pss#6bdca2a80a17d18a What would people think about that? Is it too much/too little for a SoC- project? Is it something nss / the mozilla project would welcome? cu, -- Hanno Böck Blog

Re: SHA256 certificate support in Firefox.

and nss. But for example it's from my knowledge not posssible to get a sha256- fingerprint of a certificate in firefox. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org - professional webhosting

no release tarball for 3.12.6

source bundles nss, but it's good linux distribution policy to avoid bundled libraries, so this shouldn't happen. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org - professional webhosting

Re: no release tarball for 3.12.6

?id=550231 http://www.mozilla.org/projects/security/pki/nss/ -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org - professional webhosting signature.asc Description: This is a digitally signed message part

Google Summer of Code / RSASSA-PSS for nss

://wiki.mozilla.org/NSS:PSS Also, if you're interested you may want to follow the bugzilla entry, where all patches will be posted: https://bugzilla.mozilla.org/show_bug.cgi?id=158750 -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha

Assertion when using SEC_ASN1EncodeItem with subtemplate

, MY_RSAPSSParamsTemplate); PORT_FreeArena(arena, PR_FALSE); return SECSuccess; } -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org - professional webhosting signature.asc Description: This is a digitally signed

Re: Assertion when using SEC_ASN1EncodeItem with subtemplate

); You're right, but sadly that's not the problem, after that change I get the same error: Assertion failure: theTemplate-sub != NULL, at secasn1u.c:93 -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org

Re: Assertion when using SEC_ASN1EncodeItem with subtemplate

the subtemplate. I fail to really understand the asn1 decoding code at the moment, but I find it likely it's a bug in there. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org - professional webhosting

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

serious issue. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org - professional webhosting signature.asc Description: This is a digitally signed message part. -- dev-tech-crypto mailing list dev-tech

Unable to export key from key database (certutil: problem listing keys: Unrecognized Object Identifier)

to extract it) -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/ JETZT zu Ökostrom wechseln: http://atomausstieg-selber-machen.de signature.asc Description: PGP signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https

Re: Public key ciphers in Mozilla

do it some time in the future. -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/ JETZT zu Ökostrom wechseln: http://atomausstieg-selber-machen.de signature.asc Description: PGP signature -- dev-tech-crypto mailing list dev-tech-crypto

Re: Public key ciphers in Mozilla

not to use this value? I think there's no reason against this value. The standard sets the default to a salt length of 32 byte. Problematic are only very short salt values (like zero, which is also possible according to the standard). -- Hanno Böck mail/jabber: ha...@hboeck.de GPG

OCSP stapling problems

don't enable anything if it causes any kind of trouble, no matter how much sense it makes in terms of security. I'd prefer disabling OCSP stapling for now if it's causing such regressions. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 signature.asc Description

Re: OCSP stapling problems

my worries about this are. It would be great if you could test the new way of doing certificate/OCSP verification. To do so, please download Firefox 30 Nightly from http://nightly.mozilla.org/. After you install it, go to about:config and add a new entry: I'll do that. -- Hanno Böck http

Re: OCSP stapling problems

. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 signature.asc Description: PGP signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Interested in reviving PSS support in NSS

registration and RFCs work? Is this something the CFRG would do or some other entity in the IETF? -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 pgpn9dEMx_fIz.pgp Description: OpenPGP digital signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org

Interested in reviving PSS support in NSS

team would be willig to work on merging the code. I'd be interested in this because I want to make a proposal to get PSS support into TLS 1.3 and it would certainly help if I could say that all major TLS libraries support it already. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha

Re: FF 37 - ssl_error_no_cypher_overlap with java SSL and java generated self-signed certificates

a quite fragile algorithm when it comes to random numbers). -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 pgphDyZDZQGw_.pgp Description: OpenPGP digital signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev