In message [EMAIL PROTECTED] on Sat, 23 Nov 2002 13:36:43
-0500, Geoff Thorpe [EMAIL PROTECTED] said:
geoff But then we already knew that - Peter Gutmann had pointed out in the past
geoff that a single write of zeroes to disk or memory doesn't protect against
geoff the previous values being
In message [EMAIL PROTECTED] on Sat, 23 Nov 2002 13:36:43
-0500, Geoff Thorpe [EMAIL PROTECTED] said:
geoff But then we already knew that - Peter Gutmann had pointed out in the past
geoff that a single write of zeroes to disk or memory doesn't protect against
geoff the previous values
I'm curious. You say your CA gave you a PKCS12 file with
a cert in it, *and* a private key in it? Whose private key
did they give you? If it's yours, then you've just opened a huge security
hole by allowing them access to your private key. If it's someone
else's, can you send it to me so
On Fri, Nov 22, 2002 at 01:50:37PM -0500, Chris Jarshant wrote:
You can't convert a public key certificate into a PKCS12 file -
the openssl pkcs12 routine *requires* a private key to be in such
a file along with the public key, which you cannot have (CAs don't
give out their private keys).
--- Geoff Thorpe [EMAIL PROTECTED] wrote:
The ENGINE is a sort of container for implementations of the various
***_METHOD implementations, and the method tables have always worked
this way too. Ie. upon creation, a structure is linked to a function
table that handles processing. In the
- Original Message -
From: Vadim Fedukovich [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, November 24, 2002 12:46 PM
Subject: Re: Converting own CA certificate to pkcs12
On Fri, Nov 22, 2002 at 01:50:37PM -0500, Chris Jarshant wrote:
You can't convert a public key
SNIP
So Microsoft, trying to be clever again, seems to have fooled
me into thinking the chain could be in the file, whereas
now I know it isn't in my example file and I suspect it can
never be. If anyone can confirm this, I'd be interested.
/SNIP
Sebastian,
This is indeed the
On Sun, Nov 24, 2002 at 09:29:09PM -0800, Jimi Thompson wrote:
It is also interesting to note that for practical purposes Certificate
Revocation Lists are invalid. While they do exist and are part of the
standard, very few applications are written to take advantage of them. Once
a
On Sun, Nov 24, 2002 at 09:29:09PM -0800, Jimi Thompson wrote:
It is also interesting to note that for practical purposes Certificate
Revocation Lists are invalid. While they do exist and are part of the
standard, very few applications are written to take advantage of them.
Once
a certificate
Yes, this we use as well.
Using LDAP for the authentication, including certs, allows to forget the
CRL-stuff, if you need it for authentication on a server or portal.
And, compared to CRLs, it is much more real time.
Am 2002-11-25 7:53 Uhr schrieb Jimi Thompson unter [EMAIL PROTECTED]:
...
10 matches
Mail list logo