On 25/09/14 17:53, Robin Alden wrote:
I can send out a million client certificates for negligible
cost.
Good point.
Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
On 25/09/14 22:33, Matt Palmer wrote:
* Client certs can be invisibly stolen if a machine is compromised
Well, the cert is quasi-public information, so it doesn't matter if they get
stolen, invisibly or otherwise. The private key, on the other hand...
grin But at any rate, just stick the
Gervase Markham wrote:
A question which occurred to me, and I thought I'd put before an
audience of the wise:
* What advantages, if any, do client certs have over number-sequence
widgets such as e.g. the HSBC Secure Key, used with SSL?
On Thursday, 25 September 2014 22:54:07 UTC+2, Hubert Kario wrote:
- Original Message -
From: Chris Palmer p@google.com
[...]
SHA-1 signature algorithms are not per se bad right now; what's bad is
certificate chains using SHA-1 that will/would be valid too far in the
future.
On Fri, September 26, 2014 2:39 am, Erwann Abalea wrote:
On Thursday, 25 September 2014 14:29:04 UTC+2, Gervase Markham wrote:
A question which occurred to me, and I thought I'd put before an
audience of the wise:
* What advantages, if any, do client certs have over number-sequence
On Fri, September 26, 2014 2:06 am, Gervase Markham wrote:
On 25/09/14 22:33, Matt Palmer wrote:
* Client certs can be invisibly stolen if a machine is compromised
Well, the cert is quasi-public information, so it doesn't matter if they get
stolen, invisibly or otherwise. The private
On Thu, September 25, 2014 11:18 pm, Henri Sivonen wrote:
On Fri, Sep 26, 2014 at 12:33 AM, Matt Palmer mpal...@hezmatt.org wrote:
On Thu, Sep 25, 2014 at 01:29:04PM +0100, Gervase Markham wrote:
A question which occurred to me, and I thought I'd put before an
audience of the wise:
*
On Friday, 26 September 2014 11:50:32 UTC+2, Ryan Sleevi wrote:
On Fri, September 26, 2014 2:39 am, Erwann Abalea wrote:
On Thursday, 25 September 2014 14:29:04 UTC+2, Gervase Markham wrote:
A question which occurred to me, and I thought I'd put before an
audience of the wise:
*
- Original Message -
From: fhw...@gmail.com
To: dev-security-policy@lists.mozilla.org
Sent: Thursday, 25 September, 2014 7:39:33 PM
Subject: Re: HSTS
I'll address the DoS thing momentarily but first I'm curious if there's any
data out there on how widely deployed HSTS currently is
Answers to Matt Palmer's questions:
I don't read the CP (specifically, s2.4) as confirming that the Applicant
controls the Fully-Qualified Domain Name (as per BR 1.1.9 s.9.2.1).
KIR's answer:
To get an SSL certificate, the client has to provide (CSP s.3.2):
-agreement,
-order,
-document confirming
I think you should clarify what constitutes a document confirming rights to
the domain. Is this authorization from the registrar or registrant? Who
provides the document?
-Original Message-
From: dev-security-policy
On Fri, Sep 26, 2014 at 02:42:05PM +0200, Certificates wrote:
I don't read the CP (specifically, s2.4) as confirming that the Applicant
controls the Fully-Qualified Domain Name (as per BR 1.1.9 s.9.2.1).
KIR's answer:
To get an SSL certificate, the client has to provide (CSP s.3.2):
That's