On 11/5/09 10:37 AM, Kyle Hamilton wrote:
then why not create an internal build of Firefox, embed your own root
into it, and issue certificates from that root to the boxes that need
it?
You don't need a special build, of course. Anyone can easily add a new
root into modern desktop browsers. It
On 11/5/09 5:16 AM, Paul van Brouwershaven wrote:
What do you think of this certificate with the CN
owa.b3cables.co.uk\ , again issued by Comodo.
Serial: D2D0DAD5A1C3E785844AA3C72CA2B191
Not in CRL number 2361 Last Update Nov 5 12:35:19 2009 GMT
CA's can prune expired certs from their
On 05/11/09 18:20, Florian Weimer wrote:
Okay, then Mozilla has got a significant problem because some CAs
issue certificates for domains not delegated from the ICANN root.
These CA roots should not be on Mozilla's root CA list.
Which ones?
Gerv
On 05/11/09 15:24, Ian G wrote:
It's not utter nonsense it's intellectual property. The claim that
IANA/ICANN controls the letters '.int' inside a corporation is
fundamentally based on intellectual property. Also, the notion that the
internetworking protocols cannot be used internally as
then why not create an internal build of Firefox, embed your own root
into it, and issue certificates from that root to the boxes that need
it?
Oh yeah, because people use computers for more than one purpose. A
home machine can be used to VPN into work.
Wake up, Mozilla. Your policy is not
On 11/05/2009 07:33 PM, Ian G:
Now you're getting it. It is not acceptable to simply achieve
consensus and go out and burn witches coz we all like that.
What's wrong with achieving consensus? Others fight for years to achieve
that.
Here's a suggestion from Satan. Add to clause 7:
*
On 11/05/2009 08:20 PM, Florian Weimer:
Okay, then Mozilla has got a significant problem because some CAs
issue certificates for domains not delegated from the ICANN root.
These CA roots should not be on Mozilla's root CA list.
Correct. We are working on that by and through various means.
In article 041120091844084030%justd...@mozilla.com, Dave Miller
justd...@mozilla.com wrote:
In article kbednvccenx9c2zxnz2dnuvz_g1i4...@mozilla.org, Eddy Nigg
eddy_n...@startcom.org wrote:
On 11/04/2009 11:13 PM, Dave Miller:
Giganews says the original message got nailed as a binary
On 11/06/2009 01:42 AM, Dave Miller:
Actually, looks like it is getting fixed. I just got this from
Giganews support:
8
I agree, it was a false positive. The SSL cert looked enough like
mime-encoded data to trip the filter. I've asked our programmers to
look into tightening the
My apologies to a couple of people on this thread to whom I
inadvertantly send private replies to. I will paraphrase my replies
to those two individuals publicly:
In short, 10.x.x.x or myserver or myserver.local (at least until such
time ans IANA/ICANN sells .local to the highest bidder) are
Hi All,
Yesterday I found a new false issued certificate for defence.external.int. It
looks like the
problems with Comodo are still not solved. Isn't it?
The certificate below has been issued by Comodo just a few days ago on the
domain external.int which
hasn't been registered.
I'm surprised
* Reed Loden:
On Wed, 04 Nov 2009 20:19:48 +0100
Florian Weimer f...@deneb.enyo.de wrote:
* Paul van Brouwershaven:
Yesterday I found a new false issued certificate for
defence.external.int. It looks like the problems with Comodo are
still not solved. Isn't it?
Why do you think the
On 11/04/2009 09:31 PM, Florian Weimer:
Does the CPS really say that? Where?
If you don't mind, the Mozilla CA Policy requires under section 7:
/for a certificate to be used for SSL-enabled servers, the CA takes
reasonable measures to verify that the entity submitting the
Florian Weimer schreef:
By the way, how did you obtain a copy of the certificate?
They certificate owner wanted a same certificate from an other CA because this
certificate has very
limited browser compatibility. (read supprot for mobile devices etc)
No other CA could deliver this certificate
On 04/11/2009 20:43, Paul van Brouwershaven wrote:
Florian Weimer schreef:
By the way, how did you obtain a copy of the certificate?
They certificate owner wanted a same certificate from an other CA because this
certificate has very
limited browser compatibility. (read supprot for mobile
Ian G schreef:
OK, so it's good to figure out all the facts before we jump to conclusions.
How do you mean?
Why does the client want this certificate? What is the use case here?
This client uses .int for an internal domain, but this does not changes the
case. The certificate
should not be
In article 4af1d712.2070...@startcom.org, Eddy Nigg
eddy_n...@startcom.org wrote:
I'm again not seeing the original posting, why doesn't it come through?
I see only your replies. Something with the mail - news gateway is
broken :S
Giganews says the original message got nailed as a binary
On 11/04/2009 11:13 PM, Dave Miller:
Giganews says the original message got nailed as a binary post because
of the included base64-encoded SSL certificate.
Specially on these news groups this can happen from time to time. Is
this something which can be fixed?
--
Regards
Signer: Eddy
I've found several certificate authorities that issue certificates for
internal domains, including Comodo, VeriSign, and completessl.com.
Adam Barth and I filed a bug on this issue in 2007. These
certificates are easy to acquire, but I don't see how they're less
secure than HTTP, so we've been
Collin Jackson schreef:
I've found several certificate authorities that issue certificates for
internal domains, including Comodo, VeriSign, and completessl.com.
Adam Barth and I filed a bug on this issue in 2007. These
certificates are easy to acquire, but I don't see how they're less
secure
On 11/04/2009 11:32 PM, Collin Jackson:
I've found several certificate authorities that issue certificates for
internal domains, including Comodo, VeriSign, and completessl.com.
Adam Barth and I filed a bug on this issue in 2007. These
certificates are easy to acquire, but I don't see how
Do you know what web site the client used to register it originally?
If you register a certificate with a . in it, Comodo's instantssl.com
store usually sends a domain validation email (to
ad...@external.int, administra...@external.int, etc.). In this case,
I would think the email would never
In article kbednvccenx9c2zxnz2dnuvz_g1i4...@mozilla.org, Eddy Nigg
eddy_n...@startcom.org wrote:
On 11/04/2009 11:13 PM, Dave Miller:
Giganews says the original message got nailed as a binary post because
of the included base64-encoded SSL certificate.
Specially on these news
On 04.11.2009 20:31, Florian Weimer wrote:
* Reed Loden:
$ whois -h whois.iana.org external.int
Domain external.int not found.
SSL certificates shouldn't be issued to domains that don't exist. ;)
Does the CPS really say that? Where?
SSL certs should be issued only to the
24 matches
Mail list logo