SHA-1 roots, OCSP, CRLs and the transition away from SHA-1

2014-10-30 Thread Rick Andrews
This discussion started in the CA/Browser Forum public list; I'm moving it here at Gerv's suggestion. Mozilla recently posted its SHA-1 policy here: https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/. This blog is helpful, but not

Re: Other ECC Curves

2014-06-11 Thread Rick Andrews
On Monday, June 9, 2014 4:27:56 PM UTC-7, Rick Andrews wrote: AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key

Other ECC Curves

2014-06-10 Thread Rick Andrews
AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. If a CA wanted to add a root using a different curve, we would need to know what other curves were supported by Mozilla. Is this info published anywhere?

Where is NSS used?

2013-07-10 Thread Rick Andrews
I need to remove some 1024-bit roots from Firefox’s trust store, but I realize that these trusted roots are part of the NSS library, and that the NSS library is used by lots of other software, not just Firefox. Removing these roots may have far-reaching consequences. I understand that there

Firefox behavior for CDP and AIA

2013-04-11 Thread Rick Andrews
I know that FF allows you to choose a CRL and it will check status against that CRL when it finds a cert issued by the CRL issuer. Does anyone know if FF uses the CDP in the cert or the cert's issuer name as a key to find the CRL? The reason I ask is in regards to partitioned CRLs, where a CA

Suppressing the client certificate dialog

2010-07-16 Thread Rick Andrews
Is there a way in Firefox to suppress the client certificate dialog when a web server wants a client cert for user authentication? IE allows it to be suppressed via policy flag if there are zero or only one cert in the cert store. I don't see any options in about:config for this. -Rick --

Re: Roots that are identical except for signature algorithm and serial number

2009-06-04 Thread Rick Andrews
How about the subject key ID?  Did it change? No, it didn't. The key and SKI stayed the same. ... New Mozilla browsers released after this date do not and will not have the problem you described above.  So, it should not be necessary to retain the MD2 certs in the root list for these new

Re: Roots that are identical except for signature algorithm and serial number

2009-05-29 Thread Rick Andrews
On May 28, 3:12 pm, Nelson B Bolyard nel...@bolyard.me wrote: On 2009-05-28 10:52 PDT, Kathleen Wilson wrote: Just to make sure I understand… In the VeriSign case the MD2 roots expire on 2028-08-01, and the SHA1 roots expire on 2028-08-02, so the SHA1 roots would take precedence in NSS.

Re: ECC in FF3 (was:Including all root certs in FF3)

2008-03-11 Thread Rick Andrews
to the contrary? -Rick Andrews