Re: Global PKI on DNS?

2002-06-09 Thread David Conrad
On 6/8/02 3:01 PM, Steven M. Bellovin [EMAIL PROTECTED] wrote: I was excluding EDNS0, since I thought it wasn't widely implemented. It has been implemented in the latest version of BINDv8, it has always been in BINDv9, and I believe it is in Microsoft's DNS server (not positive on this). Given

ERROR! pls help.

2002-06-09 Thread jess
Hi, I've terminated the Make process while it's running, and when I tried to run Make again, it gives me the following error. Is there any way I can resolve this? make + rm -f libcrypto.so.0 + rm -f libcrypto.so + rm -f libcrypto.so.0.9.6 + rm -f libssl.so.0 + rm -f libssl.so + rm -f

Re: Global PKI on DNS?

2002-06-09 Thread Pekka Savola
On Sat, 8 Jun 2002, Michael Richardson wrote: Franck == Franck Martin [EMAIL PROTECTED] writes: Franck I was wondering if the best system to build a global PKI wouldn't be the Franck DNS system already in place? Franck The root servers would share the ROOT Certificates and

Re: Global PKI on DNS?

2002-06-09 Thread Michael Richardson
Franck == Franck Martin [EMAIL PROTECTED] writes: Franck I was wondering if the best system to build a global PKI wouldn't be the Franck DNS system already in place? Franck The root servers would share the ROOT Certificates and would sign a Franck certificate to each .org .com

Re: Global PKI on DNS?

2002-06-09 Thread Valdis . Kletnieks
On Sat, 08 Jun 2002 13:22:28 -, Franck Martin said: I was wondering if the best system to build a global PKI wouldn't be the DNS system already in place? No. 1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=, and OU+ can be at the same level...) 2) DNS has to be

Re: Global PKI on DNS?

2002-06-09 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], David Conrad writes: On 6/8/02 6:22 AM, Steven M. Bellovin [EMAIL PROTECTED] wrote: DNS packets are limited to 512 bytes. No they are not. They are limited to 64K. Even without EDNS0, a large response can fall back to TCP. You know this. I was excluding EDNS0,

how to access private key file without inputing password interactively

2002-06-09 Thread hu
Hi, all. I met a problem. I use a script to run an openssl command. When it needs to access a private key file, the user must input a password for protection reasons. But it is done in an interactive way. I hope the script can run commands automatically, without inputting the password interactively. How to do it?

Re: Global PKI on DNS?

2002-06-09 Thread Simon Josefsson
Pekka Savola [EMAIL PROTECTED] writes: On Sat, 8 Jun 2002, Michael Richardson wrote: Franck == Franck Martin [EMAIL PROTECTED] writes: Franck I was wondering if the best system to build a global PKI wouldn't be the Franck DNS system already in place? Franck The root servers

Re: Is it possible/appropriate to add a timestamp (RFC 3161) to a PKCS#7?

2002-06-09 Thread Zoltan Glozik
Hi Bob, Judging from what you wrote you might want to implement a 'content timestamp', which is added to the authenticated attributes and contains a timestamp over the encapsulated content info. This will not give a proof of the signing time, just the existence of the data at a particular time.

Re: how to access private key file without inputing password interactively

2002-06-09 Thread
I think you just specify -noout option to your command - Original Message - From: hu To: [EMAIL PROTECTED] Sent: Saturday, June 08, 2002 10:20 PM Subject: how to access private key file without inputing password interactively Hi, all I met a

Re: How to renew a Cert generated by my own CA

2002-06-09 Thread Daniel Sutcliffe
Daniel Sutcliffe wrote: I have only just subscribed to this list so I apologise if I don't follow protocol. I thought this would be easy but my Web searches have led to nothing and I can't find an archive for this list :-( Still haven't managed to find a searchable archive of this list. Is

Re: How to renew a Cert generated by my own CA

2002-06-09 Thread Franck Martin
I was following the thread to know more, but then I'm back to the beginning. If you find another solution, please let me know... Cheers. On Sun, 2002-06-09 at 10:02, Daniel Sutcliffe wrote: However, my certificates have now started to expire and I am getting warning dialogs from

Trying to build 'prime.c'

2002-06-09 Thread Sisyphus
Hi, On Win 2k, OpenSSL 0.9.6a, I am trying to build 'prime.c' using MSVC++ 6.0 (with which I built openssl). Compiles ok, but cannot link the 3 'BN_' functions called in 'prime.c'. I get the following error report: prime.c prime.c(91) : warning C4113: 'void (__cdecl *)()' differs in parameter

Trying to build 'prime.c'

2002-06-09 Thread Sisyphus
Sorry - should have mentioned that 'prime.c' is in the 'openssl/demos/prime' prime folder. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: ERROR! pls help.

2002-06-09 Thread Sharon Hezy
Hi, Jess. Look carefully at your error: write_irfile: No space left on device. It means that you should clean your filesystem from the temp/log files (usually /usr/tmp or whatever defined as /dev/null on your system). Generally, answers to such problems can be found at www.tldp.org. Best

Re: Global PKI on DNS?

2002-06-09 Thread dreamwvr
On Sat, Jun 08, 2002 at 01:35:42PM -0700, David Conrad wrote: On 6/8/02 6:22 AM, Steven M. Bellovin [EMAIL PROTECTED] wrote: DNS packets are limited to 512 bytes. No they are not. They are limited to 64K. Even without EDNS0, a large response can fall back to TCP. You know this.

RE: Is it possible/appropriate to add a timestamp (RFC 3161) to a PKCS#7?

2002-06-09 Thread Bob Steele
Hi Bob, Judging from what you wrote you might want to implement a 'content timestamp', which is added to the authenticated attributes and contains a timestamp over the encapsulated content info. This will not give a proof of the signing time, just the existence of the data at a

Re: Global PKI on DNS?

2002-06-09 Thread Bill Sommerfeld
As others have pointed out, the DNS already has the capability to store certs. So you could use the DNS as a publication method. But is this the only thing a PKI needs? How would one revoke a cert that was in the DNS? How can you update -every- cached copy

Re: how to access private key file without inputing password interactively

2002-06-09 Thread hu
I can't find the -noout option for the command, such as "openssl smime -sign -inkey PrivateKey.pem". How do you do it? - Original Message - From: 董大伟 To: [EMAIL PROTECTED] Sent: Sunday, June 09, 2002 11:44 AM Subject: Re: how to access private key file without

How to deal with private key file.

2002-06-09 Thread hu
Hi, all. I use a script to run the openssl command 'openssl smime' for signing a message. For example, running openssl smime -sign -inkey PrivateKey.pem. Then the command asks me to input the PEM password. How to avoid giving the password in an interactive way, i.e. how to pass the password to the command when launching the

Re: how to access *private key file without inputing passwordinteractively

2002-06-09 Thread Baber Amin
If you create the key with the -nodes option, then it is not password protected. Would that help? Baber :) -- Rise above the clouds and the master pilot will guide you through the turbulence. [EMAIL PROTECTED] 06/09/02

Re: how to access *private key file without inputing passwordinteractively

2002-06-09 Thread hu
I have found the -passin option specifies the password for command. Thanks! Ji Hu - Original Message - From: Baber Amin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 09, 2002 8:52 PM Subject: Re: how to access *private key file without inputing passwordinteractively If

Re: Global PKI on DNS?

2002-06-09 Thread Ben Laurie
Bill Sommerfeld wrote: As others have pointed out, the DNS already has the capability to store certs. So you could use the DNS as a publication method. But is this the only thing a PKI needs? How would one revoke a cert that was in the DNS? How can you update

Re: Question regarding CRYPTO_lock()

2002-06-09 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Fri, 07 Jun 2002 14:03:51 -0700, Brian Doyle [EMAIL PROTECTED] said: brian The man page also says that CRYPTO_READ and CRYPTO_WRITE are brian mutually exclusive. I'm confused on this and need some brian clarification. Quite simple. When some thread is writing

Re: Global PKI on DNS?

2002-06-09 Thread Rich Salz
actually UDP/IP max_size is 512 Bytes no; you're ignoring fragmentation which has been common since 1980 or so.