The NSS Development Team announces the release of NSS 3.15.5.
Network Security Services (NSS) 3.15.5 is a patch release for NSS 3.15.
New functionality:
* Added support for the TLS application layer protocol negotiation
(ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
SSL_ENABLE
Are you building on a 64bit system? Did you set the USE_64=1 environment
variable?
See also
https://developer.mozilla.org/en-US/docs/NSS_Sources_Building_Testing
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Do, 2014-01-30 at 10:37 +, Gervase Markham wrote:
> Does anyone know how one might configure Firefox to have a Trusted OCSP
> Responder (i.e. to send all OCSP requests for any certificate to a
> single server, and trust whatever it returns)?
>
> This is the only docs I can find about it:
>
On Di, 2013-12-17 at 16:02 +0100, Stéphanie Ouillon wrote:
> I'm in the Firefox OS Security team and I'm starting working on adding
> support for stronger passwords in the Firefox OS lockscreen (bug 877541)
> [1].
> At the moment, only a 4-digit password can be configured and we want to
> improve
On Mi, 2014-01-08 at 16:34 -0800, Julien Pierre wrote:
> The following still tests are still failing on the internal network on
> Linux, though.
>
> tstclnt: TCP Connection failed: PR_IO_TIMEOUT_ERROR: I/O operation timed out
> chains.sh: #2452: Test that OCSP server is reachable - FAILED
>
> I
Have you ever seen a TLS server that was incompatible with TLS session
IDs?
I helped to analyze bug 858394 (with the help of ssltap), where initial
connections to a TLS server work, but attempts to reconnect fail.
If the client includes a non-null session ID parameter in the client
hello message,
The NSS Development Team announces the release of NSS 3.15.4.
Network Security Services (NSS) 3.15.4 is a patch release for NSS 3.15.
The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 919877 - When false start is enabled, libssl will sometim
On Do, 2014-01-02 at 19:34 -0800, Julien Pierre wrote:
> The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris
> machines. See error log below.
> We have a slightly smaller number of failures on Linux.
>
> Are these tests going out to a public OCSP responder on the Internet ?
The NSS Development Team announces the release of NSS 3.15.3.1.
Network Security Services (NSS) 3.15.3.1 is a patch release for NSS 3.15.
No new major functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.15.3.1.
Users are encouraged to upg
On So, 2013-11-17 at 02:15 -0800, Sean Leonard wrote:
> Hi NSS people:
>
> I am trying to build NSS 3.15.3 for Windows using the bundle on
> ftp.mozilla.org
> (https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_3_RTM/src/).
>
> I am getting a build problem:
>
> nsinstall
The NSS Development Team announces the release of NSS 3.15.3.
Network Security Services (NSS) 3.15.3 is a patch release for NSS 3.15.
No new major functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.15.3.
Users are encouraged to upgrade i
The NSS Development Team announces the release of NSS 3.14.5.
Network Security Services (NSS) 3.14.5 is a patch release for NSS 3.14.
No new major functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.14.5
Users are encouraged to upgrade im
The NSS Development Team announces the release of NSS 3.14.4.
Network Security Services (NSS) 3.14.4 is a patch release for NSS 3.14.
No new major functionality is introduced in this release.
This release is a patch release to address CVE-2013-1739.
The full release notes are available at
https:
On Mon, 2013-09-16 at 22:47 +0200, Kai Engert wrote:
> DetecTor is an open source project to implement client side SSL/TLS MITM
> detection, compromised CA detection and server impersonation detection,
> by making use of the Tor network.
The integration of transparent client side pro
On Thu, 2013-09-26 at 16:29 -0700, Brian Smith wrote:
> On Mon, Apr 8, 2013 at 2:52 AM, helpcrypto helpcrypto
> wrote:
> >
> > While awaiting to http://www.w3.org/TR/WebCryptoAPI/ Java applets for
> > client signning, signText and are needed.
> > Also things like Handling smart card events or Lo
I've started yet another project to solve "the right key" problem.
DetecTor is an open source project to implement client side SSL/TLS MITM
detection, compromised CA detection and server impersonation detection,
by making use of the Tor network.
In short, make use of the existing Tor network, per
On Wed, 2013-08-07 at 17:12 +, James Burton wrote:
> Hi,
>
> I would like to know were i could download Netscape Security Library which
> Mozilla NSS was build on.
This page attempts to collect a small selection of links to get you
started: http://nss-crypto.org/
However, the official proj
On Tue, 2013-08-06 at 09:41 -0700, epva...@gmail.com wrote:
> So, how can I "Add Exception" using NSS tools? I'm able to get the cert
> installed in a way that doesn't work using this command:
You cannot. The exceptions feature has been added at the Mozilla
application layer, above NSS. The host
On Thu, 2013-07-18 at 10:31 +0200, Nilakantha Paudel[NILU] wrote:
> I am involving in research of web security. More precisely Nowadays I am
> working on "KEYGEN" keyword of HTML5. I tried to navigate to the block of
> source code where it works with this keyword "KEYGEN" of HTML5.But I could
> no
On Wed, 2013-07-10 at 11:20 -0700, Robert Relyea wrote:
> On 07/08/2013 12:00 PM, Rick Andrews wrote:
> What context are you talking about? If you remove the roots from firefox
> using the firefox UI, it won't remove the roots for other applications.
I guess Rick talks about getting it removed
The NSS team has released Network Security Services (NSS) 3.15.1, which is
a minor release.
The HG tag is NSS_3_15_1_RTM. NSS 3.15.1 requires NSPR 4.10 or newer.
Detailed release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes
NSS 3.15 source distribu
The NSS team has released Network Security Services (NSS) 3.15, which is
a minor release.
The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.
Detailed release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15_release_notes
NSS 3.15 source distributions ar
Falcon's message appeared broken again (signature stripped).
Apparently my changes to the list configuration changes have been
reverted. :(
I'll have to talk to Mozilla IT.
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Sun, 2013-05-19 at 02:15 -0600, Falcon Darkstar Momot wrote:
> It worked, but isn't signed.
The message is shown as signed by evolution.
I believe you experience a display bug (or rather limitation) in
Thunderbird.
The mailing list software wraps the original message into a
multipart/mixed e
Either groups.google.com or giganews ignores (drops) messages containing
a base64 encoded block of data, such as the one contained in S/MIME
signed messages. We had asked to get this resolved [1], but didn't get a
response, and it's still broken.
Apparently the following archives correctly include
The mailing list was configured to allow application/x-pkcs7-signature,
but it didn't allow application/pkcs7-signature. I've changed the
configuration to allow the latter, too.
Previous messages that were signed were displayed incorrectly by mail
client evolution, which complained about a message
On Wed, 2013-04-10 at 11:36 -0700, daniemarq...@gmail.com wrote:
> I'm trying to generate a Certificate Signing Request to be later signed by a
> CA and imported to a NSS database.
>
> Currently Using the following commands:
>
> certutil -R -d alias -f nssPasswordFile -s "sample-dn" -n "sample-
About 2 weeks ago, we had announced that NSS version 3.15 will use a new
directory layout.
We assume that consumers and packagers of NSS will have to adjust their
environment to the new layout. In order to allow you to prepare early,
you may use the BETA 1 version that we have made available.
htt
I'm sending this explanation because I've seen several people being
confused, and I anticipate the confusion might continue for a while.
Since nobody else has done so yet, I'm writing this clarification in the
hope it is useful to avoid future confusion.
As of today, there are development branche
Please ignore the "Draft" statement in the subject, it's no longer a
draft :)
Thanks
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
ject.org/wiki/Test_Day:2013-03-28_Shared_System_Certificates
For general discussions about Mozilla, NSS and this feature, feel free
to reply to this message. For questions specific to the Fedora
development, it might be best to use the Fedora development list
http://lists.fedoraproject.org/mailman/listinfo
To all users of the NSPR, NSS and JSS libraries,
we would like to announce a few technical changes, that will require you
to adjust how you obtain and build the code.
We are no longer using Mozilla'a CVS server, but have migrated to
Mozilla's HG (Mercurial) server.
Each project now lives in its
On Sun, 2013-02-10 at 16:26 -0500, David H. Lipman wrote:
> "VerefedByVisa" wrote in message
> news:mailman.139.1360444568.29872.dev-tech-cry...@lists.mozilla.org...
>
> Phishing in a news group. How nice.
I don't understand why that message got through.
The sender isn't a list member and sho
On Fri, 2013-02-08 at 20:38 +0100, Kai Engert wrote:
> I'm having trouble posting to this list.
The list was configured to silently discard messages that it considered
to be spam based on keywords in the message subject, and that list of
keywords included the word "lucky".
On Fri, 2013-02-08 at 12:35 -0800, Nelson B Bolyard wrote:
> Today I have given up the position of list owner and moderator for the
> dev-tech-crypto mailing list and mozilla.dev.tech.crypto news group, a
> position I have held since the list was formed over 10 years ago.
Hello Nelson,
thank you
The NSS team has worked on a fix for the "Lucky Thirteen" Attack
http://www.isg.rhul.ac.uk/tls/
and has published a beta release which includes that work
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/beta/NSS_3_14_3_BETA1/src/
We'd like to invite users of the NSS library to participate in
On Fri, 2013-02-08 at 11:41 -0800, Tanvi Vyas wrote:
> On 2/8/13 11:38 AM, Kai Engert wrote:
> > I'm having trouble posting to this list.
> >
> > I'm trying to get an announcement posted,
> > but the messages simply disappear without errors.
> >
> >
I'm having trouble posting to this list.
I'm trying to get an announcement posted,
but the messages simply disappear without errors.
If you end up seeing my messages multiple times,
please apologize.
This issue is being tracked in
bugzilla at mozilla dot org number 839245.
(Not including a link
test 2
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Tue, 2013-02-05 at 23:51 +0100, Kai Engert wrote:
> On Mon, 2013-02-04 at 11:18 -0800, Wan-Teh Chang wrote:
> > * NSS will now make use of the Intel AES-NI and AVX instruction sets
> > for hardware-accelerated AES-GCM on 64-bit Linux systems.
>
> Because it turns out
On Mon, 2013-02-04 at 11:18 -0800, Wan-Teh Chang wrote:
> * NSS will now make use of the Intel AES-NI and AVX instruction sets
> for hardware-accelerated AES-GCM on 64-bit Linux systems.
Because it turns out to be an FAQ:
On Linux, because of this change, we require at least GNU "as" version
2
The NSS 3.14.2 release introduced a build time dependency on a newer
release of SQLite.
That strict dependency wasn't intended and has been removed in CVS. If
you need to build against an older SQLite, you may apply the patch from
https://bugzilla.mozilla.org/show_bug.cgi?id=837799
Kai
--
dev
On Sun, 2013-01-27 at 17:00 -0800, Brian Smith wrote:
> Hi all,
>
> I tagged NSS 3.14.2 BETA 3 and pushed it to mozilla-inbound to fix
> build breakage of ASAN and dxr builds.
>
> Also, now mozilla-central contains a patch for bug 834091. That patch
> adds a new public function to libsmime,
> SE
On Thu, 2013-01-24 at 23:54 +0100, Jan Lühr wrote:
> I noticed that some Root-CA-certificates (like CCNIC, Turktrust)
> deleted by me reappeared after the last auto-updated. Is there a reason
> for doing so? Personally, I decided, that I don't trust these
> certificates and therefore I removed the
On Thu, 2013-01-24 at 10:40 +0100, Jan Lühr wrote:
> > I noticed that my firefox installation included a wildcard
> certificate issued by Entrust.net (attached (*)). I'm not clear how it
> got there but wildcard certs make me suspicious by nature. Can you help
> me out?
> Apparently it got strippe
On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote:
> I propose to more actively involve users into the process of accepting
> certificates for domains.
I propose the following in addition:
Each CA certificate shall have a single country where the CA
organization is physically located
On Mon, 2012-12-31 at 11:17 -0500, Eitan Adler wrote:
> Expect the user to click yes to every dialog if prompted without reading.
>
> [*] note, I am not talking about people like you or I that have an
> understanding of the implications here. I am talking about the
> typical user that studies ha
On Mon, 2012-12-31 at 10:38 -0500, Eitan Adler wrote:
> * user gets confused: "what the heck is this screen"?
It's good if users are educated what is going on.
We could have a switch to completely turn this off, if the user really
doesn't care.
> * user realizes that pressing yes usually works
I propose to more actively involve users into the process of accepting
certificates for domains.
I envision a UI where users are required to approve once, whether the
combination of a CA and a domain is acceptable to the user.
The following UI would be shown whenever a user starts a connection to
I propose to more actively involve users into the process of accepting
certificates for domains.
I envision a UI where users are required to approve once, whether the
combination of a CA and a domain is acceptable to the user.
The following UI would be shown whenever a user starts a connection to
Brendan Eich suggested posting to this list, too
(already posted yesterday to Mozilla's dev-planning list).
Hello Mozilla, I'd like to announce a change.
PSM is the name of Mozilla's glue code for PKI related [1] security
features, such as certificate management, web based certificate
enrollment
I haven't worked on the lowlevel code myself yet, so I'm not sure how
exactly it works.
But I just had a look at PSM code nsSDR.cpp, and I'm learning that
"secret decoder ring" appears to be a functionality provided by NSS,
because I see functions with prefix PK11SDR
There is another NSS tool nam
On Wed, 2012-11-14 at 15:15 +, Gustavo Homem wrote:
> So I need to find out how to call libnss se actually generate a key for
> key3.db. But I'm half amazed that it isn't possible via certutil or other CLI
> interface.
We'll see, maybe it is, but first we need to identify exactly what you
w
On Wed, 2012-11-14 at 14:21 +, Gustavo Homem wrote:
> Hi,
>
> I am able to progamatically create key3.db from a script, using
>
> certutil -N -d ...
Hi Gustavo,
this simply prepares an empty database that you need for future
operations.
> However this initalization does not add to this fi
On Tue, 2012-11-06 at 22:19 +0800, tehhzstar wrote:
> Hello,
>
> Currently, does Mozilla NSS support encrypting of file attachments?
> Since it can encrypt email messages, I suppose, it can also support
> encrypting of file attachments?
NSS supports encryption.
Regarding email attachments, N
On Thu, 2012-10-25 at 15:36 +0200, Wolfgang Rosenauer wrote:
> With that version the testsuite fails:
>
> [ 1202s] chains.sh: #2294: Test that OCSP server is reachable - FAILED
> [ 1202s] chains.sh: #4023: Test that OCSP server is reachable - FAILED
> [ 1202s] chains.sh: #6393: Test that OCSP ser
The NSS team has released Network Security Services (NSS) 3.14, which is
a minor release with the following new features:
- Support for TLS 1.1 (RFC 4346)
- Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
- Support for AES-CTR, AES-CTS, and AES-GCM
- Support for Keying Materi
In the upcoming NSS 3.14 release, the default behavior for
certificate signatures using the MD5 hash algorithm will change to
"reject by default" (see Mozilla bug 590364).
Starting with NSS 3.14, when attempting to validate certificates
containing such signatures, a new error code can be returned:
On Fri, 2012-09-07 at 20:53 +0500, Muhammad Ashraf Nadeem wrote:
> I want to
> remove all of the buit-in certification authorities in it. please let me
> know how mozilla manages the authorities in its source code, i mean in
> which direcotry of source.
The list of root certificates is part
On 25.08.2012 09:58, Ismail JH wrote:
> I'm new here, and I would like to contribute in this bug:
> Bug 663733 -
> Add ability to generate signed OCSP responses for testing
>
> - Can this task be assigned to me ?
You are welcome to work on it and submit patches, as attachments to the
You provided a 5 digit bug number which is "menu toolbar doesn't collapse".
I guess you are asking about a different bug number?
Regards
Kai
On 24.08.2012 10:46, Vasantharangan, Shruthi M. wrote:
> Hi,
>Could you kindly respond to the email below.
>
> Thanks
> Shruthi
>
> From: Vasantharangan
On 09.06.2012 11:53, Erwann Abalea wrote:
> Le vendredi 8 juin 2012 22:55:33 UTC+2, Rob Stradling a écrit :
> [...]
>> Might there be a Firefox 13.x point-release that will enable libpkix by
>> default?
>> Will Firefox 14 enable libpkix by default?
>> Or can you say that enabling libpkix by defaul
NSS version 3.13.5 has been released
and is available for download from
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_5_RTM/src/
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
I've started a project to produce an
experimental browser (Flowerbeetle) and an
experimental e-mail client (Flowerduck).
The purpose is to enable early testing of security
and PKI related changes, which are proposed for the Mozilla
platform (including Firefox and Thunderbird), but which
haven't
The NSS team has released NSS 3.13.4
CVS tag: NSS_3_13_4_RTM
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_4_RTM/
Please refer to https://bugzilla.mozilla.org/show_bug.cgi?id=741135
for the list of changes contained in this update.
Kai
--
dev-tech-crypto mailing list
dev
On 27.02.2012 18:09, Honza Bambas wrote:
is there some way to just see the current state for each branch? If
not, do you plan to build one?
Yes: https://kuix.de/mozilla/versions/
Regards
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo
I would like to make you aware of a new public mailing list, it can be
helpful it you want to track which NSPR/NSS versions are used by Mozilla
software.
https://kuix.de/mailman/listinfo/moz-nss-nspr
Description:
"This list watches several Mozilla (Firefox) branches and will send
announcement
Please find a more detailed description of my proposal
MECAI - Mutually Endorsing CA Infrastructure
at
https://kuix.de/mecai/mecai-proposal-v2.pdf
(PDF, 12 pages)
I'm looking forward to your feedback,
please let me know if parts are difficult to
understand or need clarification.
Best Regards
On 23.02.2012 20:53, Kai Engert wrote:
I've just sent the following message to Mozilla's dev-tech-crypto
mailing list, and I thought you might be interested, too.
I apologize for the double post, the second post was intended for a
different mailing list...
--
dev-tech-crypto ma
I've just sent the following message to Mozilla's dev-tech-crypto
mailing list, and I thought you might be interested, too.
While working on an updated paper of the MECAI proposal (which I hope to
post in the next couple of days), the following orthogonal idea came to
me. I don't know whether
While working on an updated paper of the MECAI proposal (which I hope to
post in the next couple of days), the following orthogonal idea came to
me. I don't know whether it is a new idea, or whether it has been
discussed/mentioned before.
Let's say the owner of a domain learns that a rogue cer
We have released NSS 3.13.3
The motivation for this quick follow-up release were the fixes for bug
727204 and bug 724929.
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_3_RTM/src/
Regards
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://list
On 19.02.2012 02:46, Stephen Schultze wrote:
Brian has in the past discussed proposed updates to NSS that would
allow us to penalize bad CA behavior by removing trust of all certs
from a given CA that were issued after a given date (or even for X
amount of time after a given date).
Someone ne
Due to an oversight, the official Firefox 10 release was shipped with a
beta snapshot of the NSPR base library.
We believe this is a minor issue, the difference between the beta
snapshot and the final version 4.9 are small.
You may inspect the differences at
https://bug727167.bugzilla.mozilla
We have released NSPR 4.9, cvs tag NSPR_4_9_RTM
We have released NSS 3.13.2, cvs tag NSS_3_13_2_RTM
Source code is available from
ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.9/src/
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_2_RTM/src/
Kai
--
dev-tech-crypto
My criticism:
(a)
I don't like it that the amount of CRLs will be a subset of all CRLs.
What about all the revoked certificates that aren't included in the list?
With a dynamic mechanism like OCSP (and in the future OCSP stapling) you
don't have to make a selection.
(b)
I don't like it that
On 07.02.2012 17:54, Ondrej Mikle wrote:
The phone calls would ensure that each registered person will be aware
of the certificate issuance.
This is getting very close to EV validation (Sovereign Keys have the
same issue).
I'd say making phone calls is less effort than checking business
docu
My previous message was a proposed solution to the problem "attacker is
close to the server and uses it to obtain a new fraudulent cert", and I
proposed to use an organizational approach to prevent that attack.
In addition, another potential attack is, the attacker has obtained a
certificate f
On 21.10.2011 15:09, Kai Engert wrote:
This is an idea how we could improve today's world of PKI, OCSP, CA's.
https://kuix.de/mecai/
Review, thoughts and reports of flaws welcome.
Thanks to Peter Eckersley, who first mentioned to me at 28c3 that there
is one scenario that isn
Just a quick thought, that I don't want to lose.
Maybe it would be a reasonable middle-ground to define:
- for intermediate CAs, OCSP information is published in DNS
- for servers, we use OCSP stapling
(Rob, thanks for your response, I'm still digesting.)
Regards
Kai
--
dev-tech-crypto mailing
On 21.10.2011 15:09, Kai Engert wrote:
This is an idea how we could improve today's world of PKI, OCSP, CA's.
https://kuix.de/mecai/
After more brainstorming I came up with some incremental ideas.
Thanks a lot to Adam Langley for pointing out scenarios that weren't yet
suffi
(a)
I've installed Apache 2.3.14-beta with OCSP stapling enabled at:
https://kuix.de:5143/ - good certificate
https://kuix.de:5144/ - revoked certificate
Thanks to StartCom for providing me with free certificates, and also for
providing a free revocation service.
(b)
Note to other CAs, (as i
The NSS team released version 3.13.1, a general patch release.
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_1_RTM/src/
SHA1SUM:
d8e7ee9f9f1e0bfa2ea8b72d25727634fea130a6 nss-3.13.1.tar.gz
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists
This is an idea how we could improve today's world of PKI, OCSP, CA's.
https://kuix.de/mecai/
Review, thoughts and reports of flaws welcome.
Thanks and Regards
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
NSPR 4.8.9 and NSS 3.12.11 have been released
and are available for download from ftp.mozilla.org
or using CVS tags NSPR_4_8_9_RTM / NSS_3_12_11_RTM
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Hi Ralph,
if you have resources to work on this or to coordinate this, please go
ahead. I haven't yet. If I should, I would contact you to coordinate.
Regarding traceroute, you could look at the existing WorldIP Add-On,
which claims to support it, and potentially copy that code, under the
as
On 16.06.2011 13:52, Gervase Markham wrote:
On 11/06/11 12:03, Michael Ströder wrote:
This means if the user accidently sent in contact information in an
e-mail footer this information is also disclosed. If not already there
you should put a strong hint on the web page that the signed S/MIME
mes
I would like to propose that someone could implement an addon for
Mozilla applications with the following functionality:
- it comes with a list of several hundred known major services,
including https and email servers.
- if the user gets a certificate error on one of the
major sites, we ch
On 10.06.2011 13:33, Jean-Marc Desperrier wrote:
Kai Engert wrote:
I'm thinking the following could solve the problem
Please help me: which problem is it, that you want to solve, that isn't
yet solved by the current implementation?
Ease of use, understandability of the proce
On 08.06.2011 14:15, Jean-Marc Desperrier wrote:
This seems to be solved with my implementation, because my keyserver can
forward the original signed message.
But it's not really a great solution.
Why not?
I'm thinking the following could solve the problem
Please help me: which problem
On 08.06.2011 13:51, Jean-Marc Desperrier wrote:
Is the script smart enough to identify and extract the encryption
certificate in the mail when the sender uses separate signature and
encryption certificates ? (and of course the S/MIME properties are
correctly set to identify this, and propagate
On 03.06.2011 00:12, Kai Engert wrote:
In short, go to
http://kuix.de/smime-keyserver/
and give it a try.
...
(as of today, the keyserver accepts the same signing roots
as Mozilla software. It also allows certs from cacert.org)
In addition it will also accept the certs from
http
How are cert renewals handled? Will you send an e-mail about certs soon
to be expired to encourage the user to send in a newer cert?
Not yet, but it wouldn't be a lot of work to setup a daily cronjob that
walks through the list of stored certs.
Also note that one of the issues is that the F
In short, go to
http://kuix.de/smime-keyserver/
and give it a try.
Although I can't guarantee that this service will continue to run,
I will try to keep it up,
and I would like to see many people using it.
Longer explanation:
The GPG/PGP world has long known the concept of keyservers - publ
NSPR 4.8.8 has been released.
CVS tag NSPR_4_8_8_RTM
ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.8.8/src/
NSS 3.12.10 has been released.
CVS tag NSS_3_12_10_RTM
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_10_RTM/src/
Regards
--
dev-tech-crypto mailing list
This announcement is related to the same underlying issue as reported in
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/
While the above mentioned hotfix was made at the Mozilla client
application level, we would like to provide a hotfix at the NSS level, to
NSS version 3.12.7 has been released and is available from ftp.mozilla.org
It should be used with NSPR version 4.6.8
(announcing on behalf of the NSS team)
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Please don't use NSPR 4.8.5.
The release tag got created without release testing and without
coordination. The NSPR/NSS team has decided to delete the CVS tag, which
I'll do shortly.
The next official release will be NSPR 4.8.6
Thanks and Regards,
Kai
--
dev-tech-crypto mailing list
dev-tec
Today I read some technical documents at http://www.torproject.org which
is a project that tries to enhance anonymity of Internet users, or allow
Internet users to circumvent censorship.
With Tor, your outgoing connections will be routed (using encryption) to
a chain of random Tor servers, unt
On 12.04.2010 16:22, Kai Engert wrote:
On 12.04.2010 07:36, Kurt Seifried wrote:
Right but I can't find any contact info for certificate patrol and I
figured if anyone knew about it, they're probably on this list. That
and I couldn't find an add-ons mailing list (how does on
101 - 200 of 252 matches
Mail list logo