Re: The keygen element

2009-06-04 Thread Jonas Sicking
On Wed, Jun 3, 2009 at 3:31 PM, Ian Hickson i...@hixie.ch wrote: Which is more likely to be adopted as a cross browser standard? A new html tag? or a new JavaScript object/method? It would presumably depend on how it is to be used. If it's for form submission, then an element would make more

Problem running JSS_SSLServer

2009-06-04 Thread agentman97
Hi, I created the db and added a certificate using these commands: ./certutil -N -n servercert -x -t TCu,TCu,TCu -s CN=TestCA, OU=Test, O=Test, L=Some City, ST=CA, C=US -m 2 -d /tmp -f passfile ./certutil -S -n servercert -x -t TCu,TCu,TCu -s CN=TestCA, OU=Test, O=Test, L=Some City, ST=CA, C=US

NSS, AIA, Bridge

2009-06-04 Thread Néric
Context: I am working on PKI cross certification using a PKI bridge. To fetch missing certificates, I use the following AIA certificate extension: CA Issuer: URI : http://_...@ftp_server__/.../bundle.p7c where bundle.p7c contains the missing certificates (pkcs7 format).

Smart cards and the keygen element

2009-06-04 Thread Anders Rundgren
A guesstimate is that less than 1 out of 10 000 smart cards actually are provisioned with keygen. There are two reasons for that: 1. keygen does not support the information/processes involved 2. current smart cards are unsuitable for on-line provisioning by end-users Due to this smart

Re: Smart cards and the keygen element

2009-06-04 Thread Eddy Nigg
On 06/04/2009 09:40 PM, Anders Rundgren: A guesstimate is that less than 1 out of 10 000 smart cards actually are provisioned with keygen. Can you backup your statement with facts please? -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog:

Re: Problem running JSS_SSLServer

2009-06-04 Thread Glen Beasley
agentma...@hotmail.com wrote: Hi, I created the db and added a certificate using these commands: ./certutil -N -n servercert -x -t TCu,TCu,TCu -s CN=TestCA, OU=Test, O=Test, L=Some City, ST=CA, C=US -m 2 -d /tmp -f passfile ./certutil -S -n servercert -x -t TCu,TCu,TCu -s CN=TestCA, OU=Test,

Re: Smart cards and the keygen element

2009-06-04 Thread Anders Rundgren
Eddy Nigg wrote: A guesstimate is that less than 1 out of 10 000 smart cards actually are provisioned with keygen. Can you backup your statement with facts please? I wrote guesstimate. However, if we exclude a limited number of security nerds (that mainly produce cards for themselves), and

Re: When can we call SSL_PeerCertificate?

2009-06-04 Thread Nelson B Bolyard
On 2009-06-03 19:16 PDT, Wan-Teh Chang wrote: That means that you always put the cert and its chain into the client's cache, and cache the negotiated SSL session, where it will be restarted by future attempts to connect to the same host/port. This seems inadvisable. Yes, that's an issue.

Re: JCA (Mozilla-JSS) Problem in SecretKeySpec for AES

2009-06-04 Thread Glen Beasley
agentma...@hotmail.com wrote: Hi, I am trying to run the following example code for Mozilla-JSS provider but it always gives: java.security.InvalidKeyException: Key is not the right type for this algorithm for init function. The same code runs perfectly fine with Sun default provider. I took

Re: When can we call SSL_PeerCertificate?

2009-06-04 Thread Wan-Teh Chang
On Thu, Jun 4, 2009 at 1:15 PM, Nelson B Bolyard nel...@bolyard.me wrote: The SSL client session cache only caches the server cert, not the server cert chain. So, unless you arrange to save the server cert chain, the chain will always be incomplete for a session resumption. As it happens,

Re: Roots that are identical except for signature algorithm and serial number

2009-06-04 Thread Rick Andrews
How about the subject key ID?  Did it change? No, it didn't. The key and SKI stayed the same. ... New Mozilla browsers released after this date do not and will not have the problem you described above.  So, it should not be necessary to retain the MD2 certs in the root list for these new

Re: When can we call SSL_PeerCertificate?

2009-06-04 Thread Nelson B Bolyard
On 2009-06-04 16:55 PDT, Wan-Teh Chang wrote: On Thu, Jun 4, 2009 at 1:15 PM, Nelson B Bolyard nel...@bolyard.me wrote: There is a similar function for suspending and restarting the SSL handshake processing at another point where there may be long delays, namely, when the user needs to

Re: NSS, AIA, Bridge

2009-06-04 Thread Nelson B Bolyard
On 2009-06-04 02:23 PDT, Néric wrote: Context: I am working on PKI cross certification using a PKI bridge. To fetch missing certificates, I use the following AIA certificate extension: CA Issuer: URI : http://_...@ftp_server__/.../bundle.p7c where bundle.p7c contains the missing