David E. Ross:
I visit some Web sites with self-signed certificates. None of those
sites request any input from me. The only reason they have site
certificates is that the site owners want to show off how technically
astute they are. Hah! However, those sites do indeed contain
information tha
On 10/18/2008 11:22 AM, Nelson B Bolyard wrote [in part]:
>
> Is removal of the ability to override bad certs the ONLY effective
> protection for such users?
I visit some Web sites with self-signed certificates. None of those
sites request any input from me. The only reason they have site
certif
On 081018 at 20:30, Nelson B Bolyard wrote:
> FF3 had utterly failed to convey to her any understanding that she was
> under attack. The mere fact that the browser provided a way to override
> the error was enough to convince her that the errors were not serious.
I find it amazing that someone sh
At 2:45 AM + 10/18/08, Frank Hecker wrote:
>Yes, but as I understand it what is being discussed here is a more elaborate
>scheme whereby, for example, we (Mozilla) might run an actual CA just for the
>purpose of cross certifying the roots that we accept. Like Nelson, I can't
>remember who ex
Ian G wrote, On 2008-10-14 14:27:
> People in the apps security field hold out high hopes for TLS-PSK as
> a great aid for phishing; it would be a shame if that didn't happen
PSK is just a new name for a very old idea: shared secrets.
When it comes to phishing, shared secrets aren't the solutio
Ian G:
Nelson B Bolyard wrote:
Despite all the additional obstacles that FF3 put in her way, and all
the warnings about "legitimate sites will never ask you to do this",
she persisted in overriding every error, and thus giving away most of
her valuable passwords to her attacker.
Yep, no surp
Nelson B Bolyard wrote:
> In bug https://bugzilla.mozilla.org/show_bug.cgi?id=460374 the reporter
> complained about how difficult it is to override bad cert errors in FF3.
> She complained because she was getting bad cert errors on EVERY https
> site she visited. ALL the https sites she visited w
István Zsolt BERTA:
In the long run, we plan to introduce an OCSP service that is usable
for the general public, i.e. that does not require authentication and
works using the 'authorized responder' concept. This week we had a
discussion with the National Communications Authority, we shall be
able
In bug https://bugzilla.mozilla.org/show_bug.cgi?id=460374 the reporter
complained about how difficult it is to override bad cert errors in FF3.
She complained because she was getting bad cert errors on EVERY https
site she visited. ALL the https sites she visited were apparently
presenting self-s
Kaspar Brand wrote, On 2008-10-18 00:18:
> Nelson B Bolyard wrote:
>> Yes. Bad response, ugly errors, no fun.
>
> With the default settings in Firefox 3, it isn't that bad... remember
> that it's the "graceful failure" mode which is selected by default:
>
Don't forget the OCSP checks done in c
> I.e., unless bugs 205436 or 92923 are worked on soon, using https OCSP
> URIs will quite effectively prevent Mozilla clients from connecting to
> this responder :-) [1] István, maybe you can confirm that in all the
> certs issued so far you've only used https OCSP URIs?
Yes, they all contain htt
How come that S/MIME-signed messages are unreadable using Microsoft Mail and
Outlook Express?
Anders
- Original Message -
From: "Ian G" <[EMAIL PROTECTED]>
To: "mozilla's crypto code discussion list"
Sent: Saturday, October 18, 2008 12:49
Subject: Re: revocation of roots
_
Frank Hecker wrote:
> Eddy Nigg wrote:
>>> b. Is there a way in the root list (code) to signal that a root is
>>> revoked (other than by a self-signed CRL of self)? E.g., by a flag
>>> or something?
>>
>> Not that I'm aware of.
>
> I don't know if this is what Ian was referring to, but in theor
Nelson B Bolyard wrote:
> Frank Hecker wrote, On 2008-10-17 06:57:
>
>> Please refresh my memory here: As I understand it, the basic problem was
>> that if the Microsec root were included in Firefox (or other products)
>> and a user surfed to an SSL/TLS-enabled site with an end entity
>> certif
14 matches