Someone has recently suggested to me that one of the CAs now included
in Mozilla's list of trusted root CAs actually has the practice of
generating key pairs (including the private key) for their subscribers
and delivering the private key and associated cert chain to the
subscriber in a PKCS12 file
I wrote:
> 2. Mozilla's trademark policy says that if you change certain things
> about Mozilla in your own build or packages, then you cannot release
> your build using Mozilla trademarks (e.g. the Firefox brand name).
> The set of trusted root CA certs is one of those things, I believe.
> See htt
Kaspar Brand wrote, On 2008-06-29 10:10:
> Michael Ströder wrote:
>> Not that I'm endorsing setting cert/CRL download up with HTTP redirects
>> but I cannot derive from the text snippet above that it's forbidden or
>> explicitly not recommended.
>
> In my interpretation of RFC 5280, the statemen
Kaspar Brand wrote, On 2008-06-29 03:32:
> Nelson B Bolyard wrote:
>> Anybody know of a CA that uses that extension in its CRLs?
>> A URL for such a CRL would be welcome.
>
> http://www.pki.admin.ch/crl/AdminCA-CD-T01.crl has one (only includes a
> distributionPoint in the form of a directoryName
Michael Ströder wrote:
> Not that I'm endorsing setting cert/CRL download up with HTTP redirects
> but I cannot derive from the text snippet above that it's forbidden or
> explicitly not recommended.
In my interpretation of RFC 5280, the statement "When the HTTP or FTP
URI scheme is used, the UR
Frank Hecker wrote:
> The second comment period is now over, with no further comments
> received. Based on my evaluation and the comments received thus far, I
> am officially approving this specific request to enable the Entrust Root
> Certification Authority for EV use, and will now proceed to
Frank Hecker wrote:
> We've completed the first round of public comment on the request from
> Entrust to have its new Entrust Root Certification Authority root
> enabled for EV. Based on the results of the first comment period and
> other available information, I'm inclined to approve this reque
Nelson B Bolyard wrote:
> 2. Mozilla's trademark policy says that if you change certain things
> about Mozilla in your own build or packages, then you cannot release
> your build using Mozilla trademarks (e.g. the Firefox brand name).
> The set of trusted root CA certs is one of those things, I bel
Kaspar Brand wrote:
> From reading RFC 5280 section 4.2.1.13, however, it seems to me that
> conformant implementations should rather not follow redirects:
>
>If the DistributionPointName contains a general name of type URI, the
>following semantics MUST be assumed: the URI is a pointer to
Nelson B Bolyard wrote:
> Michael Ströder wrote, On 2008-06-28 02:03:
>> What happens if the CRL's URL is redirected to another URL?
>
> I think you're asking what happens if the attempt to fetch a CRL itself
> (say, via an http GET request) results in an http redirection response
> from the serve
Nelson B Bolyard wrote:
> Anybody know of a CA that uses that extension in its CRLs?
> A URL for such a CRL would be welcome.
http://www.pki.admin.ch/crl/AdminCA-CD-T01.crl has one (only includes a
distributionPoint in the form of a directoryName, no other parameters
are included, though).
> Assu
11 matches
Mail list logo