Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Rob Stradling
Hi Eddy. I'm not the right person to answer your questions about our CPS. I have asked my colleague Robin Alden to join this newsgroup and answer each of your points. On Sunday 16 March 2008, Eddy Nigg (StartCom Ltd.) wrote: > This is a revised version of my initial questions concerning the Co

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > 4.) Frank, this one is for you: > > Since most (if not all) CA root certificates of Comodo were inherited > from the Netscape era and never were properly evaluated by an inclusion > process and in light of the questions above, isn't a thorough review of > this

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Oh, and in that respect I have another interesting question. Suppose a > CA issues EV certificates (audited and conforming to the relevant > criteria in every respect) but their other CA business (meaning non-EV) > would fail to conform to the Mozilla CA polic

Problem with PR_Recv in blocking mode.

2008-03-18 Thread D3|\||\|!$
Hi All!!! I have written a wrapper API using NSS. The receive function utilizes the PR_Recv function. I am encountering the following problems: 1) The client is unable to send/receive messages from the server in the first call to receive/send. It requires exactly two messages before the comm

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Eddy Nigg (StartCom Ltd.)
Rob Stradling: > Hi Eddy. I'm not the right person to answer your questions about our CPS. I > have asked my colleague Robin Alden to join this newsgroup and answer each of > your points. > Thank you Rob, I'm looking forward to the replies of Robin Alden. -- Regards Signer: Ed

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > Eddy Nigg (StartCom Ltd.) wrote: > >> Oh, and in that respect I have another interesting question. Suppose a >> CA issues EV certificates (audited and conforming to the relevant >> criteria in every respect) but their other CA business (meaning non-EV) >> would fail to confor

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Nelson B Bolyard
Frank Hecker wrote, On 2008-03-18 05:17: > Right now we don't have any technical mechanism to accept only EV > certificates issued within a CA hierarchy, but not EV certs from within > that same hierarchy. I think there must be a word missing from that sentence. As it reads, it says "... to ac

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Frank Hecker
Nelson B Bolyard wrote: > Frank Hecker wrote, On 2008-03-18 05:17: > >> Right now we don't have any technical mechanism to accept only EV >> certificates issued within a CA hierarchy, but not EV certs from within >> that same hierarchy. > I suspect you meant "... to accept EV certs, but not NO

Re: Comodo request for EV root inclusion (COMODO Certification Authority)

2008-03-18 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > Comodo has applied to (among other things) add a new EV root CA > certificate for the *COMODO Certification Authority* to the Mozilla root > store, as documented in the following bug: > > https://bugzilla.mozilla.org/show_bug.cgi?id=401587 > > Note that this request specificall

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > I'll let Eddy speak for himself, but I believe he's thinking of a > scenario where we (Mozilla) or the user (a power user, to be sure) would > decide that we trust CA Foo to issue EV certs, but we or the user think > they have unacceptable practices on non-EV certs (like issuing

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Andrews, Rick
> Frank Hecker: > > Eddy Nigg (StartCom Ltd.) wrote: > > > >> Issuing certificates which claim to be validated without > such vetting > >> ever having performed is tantamount to KNOWINGLY and WILLINGLY > >> contribute to a possible fraud. I claim that issuing wild card > >> certificates with

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Eddy Nigg (StartCom Ltd.)
Andrews, Rick: > I'd also like to add my two cents from some time spent studying > "confusable" domain names that could be used for fraud. The solution, > IMO, if one can be crafted, must be done upstream at domain name > registration time. This is from our perspective wishful thinking! Many regi

Re: Comodo request for EV-enabling 3 existing roots

2008-03-18 Thread Eddy Nigg (StartCom Ltd.)
More questions for Comodo: Specifically to the CPS at http://www.comodo.com/repository/09_22_2006_Certification_Practice_Statement_v.3.0.pdf 2.4.3 a) section for code signing certificates refers to section 4.2.1 (Validation Practices) Going to section 4.2.1: - Unlucky formulation of "4.2.1 Se

Python Wrapper for NSS

2008-03-18 Thread Kevin
I am in the middle of writing an application for work and instead of writing a full-fledged security matrix I was just going to see about integrating certain parts of NSS into the application and having the users authenticate/encrypt/decrypt/sign with their CAC. I don't mind going in and trying t

Re: Python Wrapper for NSS

2008-03-18 Thread Heikki Toivonen
Kevin wrote: > I don't mind going in and trying to wrap the pieces of NSS that I need, > but if I don't have to reinvent the wheel, then that would be great too. I am not aware of a Python wrapper for NSS, although that has been discussed here before. Although maybe there was one that wrapped just a