Is there any way of allowing users to add locally on their machine a
certificate to the OneCRL scope? (but don't allow local scope to override the
mozilla-published one - it should always have priority)
back in september i revoked locally on my machine the WoSign roots and i tried
to use the
OneCRL is Mozilla's push-based revocation system. Up to now, it's been a
little bit opaque. Thanks to the ever-excellent Rob Stradling, we now
have a web page showing all the certs in OneCRL:
https://crt.sh/mozilla-onecrl
This shows what's on it, and information about why by linking to the
On 16/11/16 09:08, Kurt Roeckx wrote:
> The other option would be that Firefox adds an option to allow SHA-1 for
> things that are in the trust store but are not in the default trust store.
AIUI, that is going to be the default behaviour.
Gerv
___
On 16/11/2016 02:13, Nick Lamb wrote:
On Tuesday, 15 November 2016 09:35:17 UTC, Jakob Bohm wrote:
The HTTPS-everywhere tendency, including the plans of some people to
completely remove unencrypted HTTP from implementations, makes it
necessary for non-public stuff connected to the Internet to
On 16/11/2016 00:58, Kathleen Wilson wrote:
This request from Symantec is to only enable the Email trust bit for the
following 4 root certificates that will eventually replace the VeriSign-brand
class 1 and 2 root certs that are currently included in NSS.
1) Symantec Class 1 Public Primary
On 16/11/2016 10:51 πμ, Ryan Sleevi wrote:
And the bug you want is https://bugzilla.mozilla.org/show_bug.cgi?id=500333
Thanks for the help. We'll try to revive it :)
Dimitris.
On Wed, Nov 16, 2016 at 12:47 AM, Ryan Sleevi wrote:
The module you want is PSM.
The code you
On 2016-11-15 18:00, Peter Bowen wrote:
On Tue, Nov 15, 2016 at 7:25 AM, Kurt Roeckx wrote:
- If it's an enterprise root they need to switch to SHA-2
This is a lot easier said than done for many organizations. Depending
on the CA software this might be a small configuration
And the bug you want is https://bugzilla.mozilla.org/show_bug.cgi?id=500333
On Wed, Nov 16, 2016 at 12:47 AM, Ryan Sleevi wrote:
> The module you want is PSM.
>
> The code you want to submit a patch to is
>
The module you want is PSM.
The code you want to submit a patch to is
https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsNSSCertHelper.cpp#242
On Tue, Nov 15, 2016 at 11:54 PM, Dimitris Zacharopoulos
wrote:
>
> Li-Chun CHEN from Chunghwa Telecom would like
9 matches
Mail list logo