Re: revocation of roots

2008-10-24 Thread Ian G
Julien R Pierre - Sun Microsystems wrote: Eddy, Eddy Nigg wrote: On 10/23/2008 12:34 AM, Julien R Pierre - Sun Microsystems: ... However reality shows that it takes quite some time until a new version of NSS seeps to the application level, including with Mozilla's own products (which would

Re: revocation of roots

2008-10-24 Thread Ian G
Kyle Hamilton wrote: RFC3280 has been obsoleted by RFC5280. Aside from that, though... ...did the people who created PKIX just not realize that if a non-root certificate needs the ability to be revoked, a root certificate would also? Hi Kyle, Of course it was realised, but what they did

Re: revocation of roots

2008-10-24 Thread Paul Hoffman
At 3:25 PM +0200 10/24/08, Ian G wrote: Robert Relyea wrote: The problem with this idea is that mozilla probably does not want to be in the CA business. The overhead of creating a mozilla root key in a safe and secure manner is quite involved (and more than doing a key gen on a smart card).

Re: revocation of roots

2008-10-24 Thread Robert Relyea
Paul Hoffman wrote: At 3:25 PM +0200 10/24/08, Ian G wrote: Robert Relyea wrote: The problem with this idea is that mozilla probably does not want to be in the CA business. The overhead of creating a mozilla root key in a safe and secure manner is quite involved (and more than doing a

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-24 Thread Frank Hecker
Eddy Nigg wrote: I'd like to pick this discussion up once again and evaluate what the goals of Mozilla and the Mozilla CA policy really are. Certainly the above is not the defined goal, but rather provide some reasonable assurance about the CAs included in NSS and Mozilla products and allow

Re: revocation of roots

2008-10-24 Thread Frank Hecker
Ian G wrote: OK, could we speculate that Mozo apps also could turn out a security update for their products in ... say 2 business days? Or, what number? And then, we could suggest that the whole process is likely to take a week (5 business days)? The Firefox team has done security updates

Re: revocation of roots

2008-10-24 Thread Frank Hecker
Frank Hecker wrote: So personally I'd consider a 5-day timeframe reasonable, and based on past conversations with people doing update releases, I think it might be pushed down as low as 3 days. I should clarify that this timeframe doesn't include any CA-related time prior to the Mozilla

Re: revocation of roots

2008-10-24 Thread Eddy Nigg
On 10/24/2008 05:07 PM, Paul Hoffman: Robert: you are already in that business by distributing trust anchors that you have (sometimes) vetted. You are a CA without signing anything, just by distributing a trust anchor repository. Kind of Mozilla doesn't certify really anything, but

Re: revocation of roots

2008-10-24 Thread Paul Hoffman
At 9:42 AM -0700 10/24/08, Robert Relyea wrote: Paul Hoffman wrote: Robert: you are already in that business by distributing trust anchors that you have (sometimes) vetted. You are a CA without signing anything, just by distributing a trust anchor repository. Yes, but by doing so we aren't in

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-24 Thread Eddy Nigg
On 10/24/2008 05:34 PM, Frank Hecker: Eddy Nigg wrote: I'd like to pick this discussion up once again and evaluate what the goals of Mozilla and the Mozilla CA policy really are. Certainly the above is not the defined goal, but rather provide some reasonable assurance about the CAs included in