Hello all,
I'm new to this list. My interest is in the area of protecting the
mozApp and Data. I am thinking in line of an encrypted folder to
store the data and have the application signed.
The application is xulrunner-based but I don't know if the security of
mozilla is also included in xulrun
On Thu, Dec 18, 2008 at 7:29 AM, Ian G wrote:
> On 18/12/08 12:09, Kyle Hamilton wrote:
>>
>> Eddy's gone ahead and sent a signed PDF, according to a later message
>> in-thread. I expect that it'll work without a hitch, though I would
>> like to hear of any anomalous behavior. :)
>>
>> But, I'm s
According to my mail client, Ian G wrote on 2008-12-17 04:11 PST:
[paraphrasing liberally:
Europeans let their legislatures do their engineering.]
A lot of countries have created their own legislation or regulation for
security software, and then sat back and waited for others to implement
their
On Thu, Dec 18, 2008 at 12:37 PM, Nelson B Bolyard wrote:
> DanKegel wrote, On 2008-12-18 12:12:
>> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1088928
>> says "To obtain the certificate that was rejected by the certificate
>> authentication callback, the callback function
I've made a proposal on how applications should initialize NSS when
using shared databases on Linux. That draft is located here:
https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX
Comments and edits are welcome.
Thanks,
bob
banzai wrote:
Hi all,
I have tried to read all the certificates in NSS.
you probably know this but you of course can use the built in Firefox
Certificate Manager
Options->Advanced->View Certificates
I'm a little confused by some of the info provided. One you can configure
Sun PKCS#11 provider
On 12/18/2008 10:16 PM, Ian G:
It is truly basic, it is how business works.
Your assumptions are a non-starter for me. Having worked myself in
various organizations from small to big (1000+), what you suspect is
completely foreign to me, not common practice for IT personnel (in
particula
DanKegel wrote, On 2008-12-18 12:12:
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1088928
> says "To obtain the certificate that was rejected by the certificate
> authentication callback, the callback function calls
> SSL_PeerCertificate."
The sentence above could be clar
On 18/12/08 18:14, István Zsolt BERTA wrote:
I'll differ from you somewhat here. As a practical matter browser
vendors are a major audience for a CA's CPS, along with the CA's
auditor, possibly government agencies concerned with the CA's
operations, and whoever else might care to read it. I can u
On 18/12/08 17:47, Eddy Nigg wrote:
On 12/18/2008 05:29 PM, Ian G:
Hopelessly unreliable, in my opinion. Crypto will tell you that someone
with "Kathleen's key" made that PDF, but some time later we might
discover that Kathleen now works for Microsoft. Nobody bothered to
replace the key, becaus
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1088928
says "To obtain the certificate that was rejected by the certificate
authentication callback, the callback function calls
SSL_PeerCertificate."
And it really does mean the callback function. Once that returns, the
inform
On 12/18/2008 07:14 PM, István Zsolt BERTA:
Had we known that English documentation is a requirement, we could
have chosen to fulfill it by submitting a translation, we could have
sought other way to sell certificates accepted by Mozilla, or we could
have decided to forget about the Mozilla-incl
CA liability has been focused on the RP since it is an RP that "trusts" a CA
and its certificates, right?
A problem with this notion is that there is no end to what a wrongly certified
entity could cause in damages, particularly not for "eID" kind of certificates
that potentially open any number of
> Ian G wrote re CPSs not available in English:
>
>> Which leads to the first easy fix: insist that all non-english CAs
>> translate all their docs. Then I can read the CPS! I personally
>> am unsatisfied at that, I see flaws.
>
>> 1. Frank has made the case for regional and local CAs. The we
On 12/18/2008 05:29 PM, Ian G:
Hopelessly unreliable, in my opinion. Crypto will tell you that someone
with "Kathleen's key" made that PDF, but some time later we might
discover that Kathleen now works for Microsoft. Nobody bothered to
replace the key, because it worked.
Well, I think I start
On 12/18/2008 05:06 PM, Frank Hecker:
You can apparently create signed PDF documents using Adobe Acrobat 9
Standard; Eddy says there are free signing utilities that can be used also,
but I don't have references for those right now.
Eddy is using a slightly modified version of this:
http://sourcef
On 12/18/2008 05:15 PM, David E. Ross:
Actually, a digital signature DOES NOT necessarily guard a document from
attack. An attacker might still be able to delete a signed document.
I'm not aware of any PKI solution that protects from deletion. That
would have to be handled properly on the fil
On 18/12/08 13:20, Anders Rundgren wrote:
Kyle,
I fully agree with your conclusions.
IMO a signature's primary function is to provide a mark of authenticity
to something. If the signature is associated with an unknown signer
the value of the signature becomes rather limited.
The Qualified Certi
On 18/12/08 12:09, Kyle Hamilton wrote:
Eddy's gone ahead and sent a signed PDF, according to a later message
in-thread. I expect that it'll work without a hitch, though I would
like to hear of any anomalous behavior. :)
But, I'm struck again by a couple of questions.
Why does everything have
> On Wed, Dec 17, 2008 at 11:14 AM, Frank Hecker
> wrote:
>> Kyle Hamilton wrote:
>>> Actually, the 'threat model' is more related to versioning (via
>>> timestamp) than anything, and to ensure that no malware on my system
>>> (I try to keep it malware-free, obviously, but I also know that just
>
Kyle Hamilton wrote:
Eddy's gone ahead and sent a signed PDF, according to a later message
in-thread. I expect that it'll work without a hitch, though I would
like to hear of any anomalous behavior. :)
It did indeed work without problems. I was able to read the document
successfully with a va
On 12/18/2008 01:09 PM, Kyle Hamilton:
Why does everything have to have an explicit 'threat model' before
cryptography can be applied? In my view, cryptography is useful for
MUCH more than just "protecting against potential attack".
Kyle, I think that's correct and the protection/confirmation
Kyle,
I fully agree with your conclusions.
IMO a signature's primary function is to provide a mark of authenticity
to something. If the signature is associated with an unknown signer
the value of the signature becomes rather limited.
The Qualified Certificate concept is based on the strange idea
Eddy's gone ahead and sent a signed PDF, according to a later message
in-thread. I expect that it'll work without a hitch, though I would
like to hear of any anomalous behavior. :)
But, I'm struck again by a couple of questions.
Why does everything have to have an explicit 'threat model' before
24 matches