What you're trying to do is a who is watching the watchers kind thing and
as you described, you do this by adding another central piece of machinery to
the picture where another central piece of machinery is easily manipulated
into rogue actions. I don't see how this would make anything
Wan-Teh Chang wrote:
But Michael Wu of Mozilla just started porting NSPR to Android.
So I expect NSS will be ported to Android soon.
Sorry if that's slightly off-topic, but what crypto layer does the
Androïd browser use then ?
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
Nguyễn Đình Nam wrote:
What you're trying to do is a who is watching the watchers kind thing...
...Every existing CA [...] made a promise to comply to the universal PKI
trust policy, we just need a scheme to enforce their promise.
If we need a scheme to enforce some TTP's promise of
On Feb 22, 5:11 pm, makrober makro...@gmail.com wrote:
...Every existing CA [...] made a promise to comply to the universal PKI
trust policy, we just need a scheme to enforce their promise.
If we need a scheme to enforce some TTP's promise of uncorruptibility, he
evidently does not qualify
On Feb 22, 2010, at 13:03 , Nguyễn Đình Nam wrote:
I agree with you that you should revive the CA selection protocol, but
we should also add 01 Auditing layer above of it anyway, it's an
independent problem.
CA-s are audited, AFAIK that's one of the basic requirements. If your problem
is
On 15/02/2010 02:57, Subrata Mazumdar wrote:
Since IE and Chrome (do not know about Safari and Opera) uses the same
Windows Crypto DB/Manager, the imported keys/certificates in PKCS#12 is
always visible to both browsers. FF does not uses Windows CertDB - FF
uses it's own CertDB. As a result,
On Mon, Feb 22, 2010 at 12:55 AM, Jean-Marc Desperrier
jmd...@alussinan.org wrote:
Sorry if that's slightly off-topic, but what crypto layer does the Androïd
browser use then ?
It uses OpenSSL.
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On 2010/02/22 02:11 PST, makrober wrote:
Nguyễn Đình Nam wrote:
What you're trying to do is a who is watching the watchers kind thing...
...Every existing CA [...] made a promise to comply to the universal PKI
trust policy, we just need a scheme to enforce their promise.
If we need a
Nelson B Bolyard wrote:
On 2010/02/22 02:11 PST, makrober wrote:
CHHIC controversy has exposed the fallacy of current SSL implementation
premise,
Rather, it has exposed an unrelenting amount of accusation without
evidence. Show us a single falsified certificate. Anything less is
unworthy
This does not mean that the certificate verification mechanics are at
fault;
it only means that CA selection protocol has not been thought out properly:
it limped along with a handful of CAs, it is showing the serious symptoms
of the malaise with hundreds. In the meantime, does anybody
Hello Kurt and others.
This is something I'd like to see a very long answer from someone in charge of
these thing in Mozilla.
TIA,
Martin.
On Feb 22, 2010, at 23:25 , Kurt Seifried wrote:
This does not mean that the certificate verification mechanics are at fault;
it only means that CA
Hi Kurt,
I think it's more subtle than that, some of the problems in brief:
1) Mozilla/Firefox either trust a CA 100% or not at all.
Correct.
3) It's very difficult even for technical users to find out who
exactly signed a certificate. For example a certificate is signed by
valicert,
Hi,
Test server at https://ssltls.de
none of the two images is visible with my Fx3.6. I don't give any
guarantees about my prefs and addons, though.
Jan
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
13 matches
Mail list logo