Jean-Marc Desperrier wrote:
This is something that I've seen also, and it makes me worried that the
current Fx solution *doesn't* really work as advertised.
The people see the warning, and the next minute, they start IE to access
the site.
Think about it : Instead of protecting them, Fx
Nelson B Bolyard schrieb:
I think the solution that Jean-Marc outlined above would make some
sense: It would make it a bit easier to visit certain sites, but disturb
permanently if someone visits a site that has no trust anchor in firefox.
There's a great deal of evidence, and consensus
Nelson B Bolyard:
Only if the server cert is from a CA that follows a reasonable CP/CPS.
Obviously...
The case of concern is the server with a self-signed cert, or cert from
an unknown CA, that has an AIA extension that points to a tracking host
of some sort. The chain won't validate (the
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
la.org] On Behalf Of Dean
Sent: Wednesday, July 23, 2008 12:09 PM
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: Failed to toggle FIPS mode with JSS
Essentially I have an SSL implementation that I want to
On Jul 23, 11:15 pm, Nelson B Bolyard [EMAIL PROTECTED] wrote:
joshuaaa wrote, On 2008-07-23 20:30:
Sorry for the confusion. It would be greatly appreciated if anyone can
shed some light on this subject. I've spent plenty of hours
researching and haven't come up with anything promising.
Thorsten Becker wrote:
Nelson B Bolyard schrieb:
I think the solution that Jean-Marc outlined above would make some
sense: It would make it a bit easier to visit certain sites, but
disturb permanently if someone visits a site that has no trust anchor
in firefox.
There's a great deal of
I'm building Firefox 2, and I find it support ECC. Could I only limit the ECC
key lengths to 128bits or remove ECC support on FireFox 2? If yes, how can I
change build scripts?
Thanks,
Leo
_
MSN史诗巨片横空出世,精彩抢先看!
Eddy Nigg wrote:
Frank, I'd like to know (again) what our policy is in regards of EV
audit requirements. As I understand from the bug report, Wells Fargo
didn't actually absolved the EV audit, but some EV readiness audit. I
think we are past the time where we'd accept such audits?
A quick
Eddy Nigg wrote, On 2008-07-24 01:15:
Nelson B Bolyard:
I believe that, within the Mozilla developer community, there is a widely
held misconception that NSS=PSM and the NSS team is the PSM team. But
that's really not correct. Most of the NSS developers are paid to work
on NSS but not on
Jean-Marc Desperrier wrote, On 2008-07-24 05:37:
For exemple about the shareable database, your response late in February
about that was that there was still a lot left to do for it,
In NSS, yes. That work was completed, as planned.
and that you didn't see the point unless both Fx and Tb
On Thu, Jul 24, 2008 at 5:37 AM, Jean-Marc Desperrier
[EMAIL PROTECTED] wrote:
For exemple about the shareable database, your response late in February
about that was that there was still a lot left to do for it, and that
you didn't see the point unless both Fx and Tb had it and it could be
On Thu, Jul 24, 2008 at 5:52 AM, Jean-Marc Desperrier
[EMAIL PROTECTED] wrote:
Nelson B Bolyard wrote:
[...]
For applications like FF3 that use NSS 3.12, which type of DB is used is
under the control of the application. FF3 does not make use of the SQLite3
DBs (even though that capability was
I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively
supported it (ECC ciphersuites are enabled in about:config). Using normal
downloads of FF3 on either Linux or Windows I'm getting the error that
there's no common ciphersuite. Looking at SSLTap, both versions of FF3
browser
ZhanLeo wrote, on 2008-07-24 07:45 PDT:
I'm building Firefox 2, and I find it support ECC.
I gather that this project has begun relatively recently, and so
I wonder why you're building Firefox 2 instead of Firefox 3.
Could I only limit the ECC key lengths to 128bits
Such a change could be
Bill Price wrote, On 2008-07-24 15:17:
I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively
supported it (ECC ciphersuites are enabled in about:config). Using normal
downloads of FF3 on either Linux or Windows I'm getting the error that
there's no common ciphersuite.
Bill Price wrote, On 2008-07-24 15:17 PDT:
I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively
supported it (ECC ciphersuites are enabled in about:config). Using normal
downloads of FF3 on either Linux or Windows I'm getting the error that
there's no common ciphersuite.
joshuaaa wrote, On 2008-07-24 06:56:
This is part of a project to increase security here at work. To be
honest, I'm not completely sure of all the details. I've just been
asked to add/remove user certificates while the browser is running.
User certificates? Certificates for which the user
On Jul 24, 5:09 pm, Nelson B Bolyard [EMAIL PROTECTED] wrote:
joshuaaa wrote, On 2008-07-24 06:56:
This is part of a project to increase security here at work. To be
honest, I'm not completely sure of all the details. I've just been
asked to add/remove user certificates while the browser
Edy,
Eddy Nigg wrote:
Neither Apache not IIS do that AFAIK.
I believe the Netscape/iPlanet/Sun web server does at least log a
warning when the server comes up if the cert cannot be verified, for
example, because of a missing intermediate.
However, if the intermediate cert was installed,
Daniel Stenberg wrote, On 2008-07-23 14:43:
On Wed, 23 Jul 2008, Ruchi Lohani wrote:
Since a lot of open source softwares are using NSS, I wish to know whether
we have some documentation on specifics of
OpenSSL and NSS and the advantages NSS has over OpenSSL. If so, can anybody
direct me
See responses in line below.
Nelson B Bolyard [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Bill Price wrote, On 2008-07-24 15:17 PDT:
I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively
supported it (ECC ciphersuites are enabled in about:config). Using normal
21 matches
Mail list logo
