Re: Should I use SECITEM_AllocItem or PORT_Arena{,Z}Alloc memory allocation ?

2009-12-17 Thread Nelson B Bolyard
On 2009-12-17 13:39 PST, Konstantin Andreev wrote: > Hello, Nelson. > > Thank you for your response. > > On Tue, 17 Dec 2009, Nelson B Bolyard wrote: >> The use of arena pool marks is merely necessary to ensure proper >> cleanup in the rare case where the first of those two allocations >> succee

Re[2]: Should I use SECITEM_AllocItem or PORT_Arena{, Z}Alloc memory allocation ?

2009-12-17 Thread Konstantin Andreev
Hello, Nelson. Thank you for your response. On Tue, 17 Dec 2009, Nelson B Bolyard wrote: On 2009-12-16 03:01 PST, Konstantin Andreev wrote: I see NSS code uses SECITEM_AllocItem() and PORT_Arena{,Z}Alloc() memory allocation routines almost interchangeably. Yes, almost. I see that SECITEM

Re: Attribute Certificates

2009-12-17 Thread Nelson B Bolyard
On 2009-12-17 08:52 PST, Kai Chan wrote: > Nelson, > > Thank you for your response. I guess I'll take a look at the ASN.1 > encoders and decoders for how to provide that functionality. I take it > if it were to be added, it should be added to certutil. Yes, and also to "pp", the tool that decod

Re: Attribute Certificates

2009-12-17 Thread Kai Chan
Nelson, Thank you for your response. I guess I'll take a look at the ASN.1 encoders and decoders for how to provide that functionality. I take it if it were to be added, it should be added to certutil. Thanks, Kai On Thu, Dec 17, 2009 at 10:40 AM, Nelson B Bolyard wrote: > On 2009-12-16 13:07

Re: cert extension: authority key identifier (AKI)

2009-12-17 Thread Nelson B Bolyard
On 2009-12-16 05:08 PST, Daniel Joscak wrote: > Hi all, > > I found it here http://www.mozilla.org/projects/security/certs/policy/ > thank you very much for all the explanations, especially the one with the > "silent upgrade" by Jean-Marc. The event that Jean-Marc named "silent upgrade" is more c

Re: Attribute Certificates

2009-12-17 Thread Nelson B Bolyard
On 2009-12-16 13:07 PST, Kai Chan wrote: > Is it possible to generate attribute certificates, as specified in RFC > 3281, in NSS? NSS's ASN.1 encoder and decoders are quite capable of encoding and decoding them, but no "templates" have yet been created that correspond to the sequences defined in

Re: Should I use SECITEM_AllocItem or PORT_Arena{, Z}Alloc memory allocation ?

2009-12-17 Thread Nelson B Bolyard
On 2009-12-16 03:01 PST, Konstantin Andreev wrote: > I see NSS code uses SECITEM_AllocItem() and PORT_Arena{,Z}Alloc() memory > allocation routines almost interchangeably. Yes, almost. > I see that SECITEM_AllocItem(), basically, just wraps PORT_ArenaZAlloc() > into the "arena mark" brackets: I