On 3/5/09 15:32, Ben Bucksch wrote:
On 03.05.2009 09:06, Ian G wrote:
(5) possibly as consequence of all the above, it can be claimed that
it is an empty threat, and no more than a security/marketing tool for
PKI people.
Consequently, we need to either:
* Make that threat not empty
This is
On 3/5/09 15:43, Eddy Nigg wrote:
On 05/03/2009 10:06 AM, Ian G:
(2), there exists a standard need in audits to discuss disaster
recovery. Curiously, this does not appear to be documented anywhere,
draw your own speculations
It's usually addressed in internal CA documentations and
On 05/04/2009 09:12 AM, Ian G:
On 3/5/09 15:43, Eddy Nigg wrote:
That's not entirely correct, legacy CAs which requested EV enabled had
to go through the process as if they were new roots. See also the
current thread of Verizon/Cybertrust.
Ah! Well corrected. I did not know that. Are you
A customer asked this question, and I couldn't answer it.
Let's say I'm a hacker with access to a public kiosk, and I want users
of that kiosk to see the EV green toolbar when they use the kiosk to
visit my hacked web site. My web site is configured with an SSL cert
signed by my own root.
I
Unfortunately the [potential] problem is much bigger than that!
A hacked browser and/or operating system can essentially screw the user in all
ways possible for a
computer.
The green bar may lit all the time for example.
I would personally be a bit cautious about opening company mail in a
On 2009-05-04 12:27, Andrews, Rick wrote:
A customer asked this question, and I couldn't answer it.
Let's say I'm a hacker with access to a public kiosk, and I want users
of that kiosk to see the EV green toolbar when they use the kiosk to
visit my hacked web site. My web site is configured
On 4/5/09 22:04, Nelson Bolyard wrote:
A very similar hack has already been done. It's a Firefox extension that
(IIRC) silently installs some roots and shows the green bar for
(some of) the certs that chain up to those roots. See it at
https://addons.mozilla.org/en-US/firefox/addon/4828
Nice,
Ian G wrote, On 2009-05-04 13:26:
On 4/5/09 22:04, Nelson Bolyard wrote:
A very similar hack has already been done. It's a Firefox extension
that (IIRC) silently installs some roots and shows the green bar for
(some of) the certs that chain up to those roots. See it at
8 matches
Mail list logo