On Friday, 1 December 2017 17:11:56 CET Ryan Sleevi wrote:
> On Fri, Dec 1, 2017 at 10:23 AM, Hubert Kario wrote:
> > and fine for NSS too, if that changes don't have to be implemented in next
> > month or two, but have to be implemented before NSS with final TLS 1.3
> > version
> > ships
>
> Is
On Friday, 1 December 2017 16:33:10 CET Jakob Bohm via dev-security-policy
wrote:
> On 01/12/2017 16:23, Hubert Kario wrote:
> > On Friday, 1 December 2017 15:33:30 CET Ryan Sleevi wrote:
> >> On Fri, Dec 1, 2017 at 7:34 AM, Hubert Kario wrote:
> It does feel like again the argument is The C
On Friday, 1 December 2017 15:33:30 CET Ryan Sleevi wrote:
> On Fri, Dec 1, 2017 at 7:34 AM, Hubert Kario wrote:
> > > It does feel like again the argument is The CA/EE should say 'I won't do
> >
> > X'
> >
> > > so that a client won't accept a signature if the CA does X, except it
> > > doesn't
On Thursday, 30 November 2017 21:49:42 CET Ryan Sleevi wrote:
> On Thu, Nov 30, 2017 at 3:23 PM, Hubert Kario wrote:
> > On Thursday, 30 November 2017 18:46:12 CET Ryan Sleevi wrote:
> > > On Thu, Nov 30, 2017 at 12:21 PM, Hubert Kario
> >
> > wrote:
> > > > if the certificate is usable with PKC
On Thursday, 30 November 2017 18:46:12 CET Ryan Sleevi wrote:
> On Thu, Nov 30, 2017 at 12:21 PM, Hubert Kario wrote:
> > if the certificate is usable with PKCS#1 v1.5 signatures, it makes it
> > vulnerable to attacks like the Bleichenbacher, if it is not usable with
> > PKCS#1
> > v1.5 it's not v
On Wednesday, 29 November 2017 21:59:39 CET Ryan Sleevi wrote:
> On Wed, Nov 29, 2017 at 1:09 PM, Hubert Kario wrote:
> > > So are you stating you do not believe cross-algorithm attacks are
> >
> > relevant?
> >
> > No, I don't believe that cross-algorithm attacks from RSA-PSS to PKCS#1
> > v1.5
On Wednesday, 29 November 2017 17:00:58 CET Ryan Sleevi wrote:
> On Wed, Nov 29, 2017 at 7:55 AM, Hubert Kario via dev-security-policy <
>
> dev-security-policy@lists.mozilla.org> wrote:
> > Because I do not consider making the salt length rigid (one value allowed
> > f
On Tuesday, 28 November 2017 17:09:03 CET Ryan Sleevi wrote:
> On Tue, Nov 28, 2017 at 8:04 AM, Hubert Kario wrote:
> > On Monday, 27 November 2017 23:37:59 CET Ryan Sleevi wrote:
> > > On Mon, Nov 27, 2017 at 4:51 PM, Hubert Kario wrote:
> > > > > So no, we should not assume well-meaning actors,
On Monday, 27 November 2017 23:37:59 CET Ryan Sleevi wrote:
> On Mon, Nov 27, 2017 at 4:51 PM, Hubert Kario wrote:
> > > So no, we should not assume well-meaning actors, and we should be
> >
> > explicit
> >
> > > about what the "intention" of the RFCs is, and whether they actually
> > > achieve
On Monday, 27 November 2017 20:31:53 CET Ryan Sleevi wrote:
> On Mon, Nov 27, 2017 at 12:54 PM, Hubert Kario wrote:
> > > On the realm of CA policy, we're discussing two matters:
> > > 1) What should the certificates a CA issue be encoded as
> > > 2) How should the CA protect and use its private k
On Monday, 27 November 2017 17:28:02 CET Ryan Sleevi wrote:
> On Thu, Nov 23, 2017 at 7:07 AM, Hubert Kario via dev-security-policy <
>
> dev-security-policy@lists.mozilla.org> wrote:
> > In response to comment made by Gervase Markham[1], pointing out that
> > Mozilla
&
On Thursday, 23 November 2017 20:22:28 CET Jakob Bohm via dev-security-policy
wrote:
> On 23/11/2017 13:07, Hubert Kario wrote:
> > In response to comment made by Gervase Markham[1], pointing out that
> > Mozilla doesn't have an official RSA-PSS usage policy.
> >
> > This is the thread to discuss
On Wednesday, 22 November 2017 18:03:53 CET Matthew Hardeman via dev-security-
policy wrote:
> Hi,
>
> I touched on my thoughts on this matter a bit before.
>
> This is really about trust.
>
> I think several factors must be weighed here:
>
> 1. Is "trust" really required of a CA in a soon-to-
In response to comment made by Gervase Markham[1], pointing out that Mozilla
doesn't have an official RSA-PSS usage policy.
This is the thread to discuss it and make a proposal that could be later
included in Mozilla Root Store Policy[2]
I'm proposing the following additions to the Policy (leav
14 matches
Mail list logo
