Re: Two-factor auth for Bugzilla

2011-02-01 Thread aerowolf
On Tue, Feb 1, 2011 at 1:19 PM, Marsh Ray wrote: On 02/01/2011 02:41 PM, Anders Rundgren wrote: What about the client cert in a smart card? That's old and standard and supported by Mozilla. I don't know what kind of prices you'd have to pay for small quantities though. $119 if you go with

Re: Two-factor auth for Bugzilla

2011-02-01 Thread aerowolf
On Tue, Feb 1, 2011 at 12:02 PM, Marsh Ray wrote: can meet the requirement of "implement it only for some accounts" (with the implicit requirement that it doesn't bother or affect people who are not using it). Can a client certificate solution be made to work? Those accounts would probably h

Thank you, Mozilla.

2011-01-09 Thread aerowolf
Everyone, It has occurred to me that many, many open source software projects use Mozilla's vetted CA list. None of them, to my knowledge, compensate Mozilla for its time and fiscal expenditure in vetting that list. (Also, I do not know if there are any actual contracts that CAs have entered

Re: What's the reason for not caching token objects for internal tokens?

2010-09-12 Thread aerowolf
One of the main features of the sqlite key storage engine is that multiple processes can read from and write to it at once, using sqlite's file locking ACID semantics. This prevents it from becoming corrupted by multiple accessors. In order to implement this, I would guess that they decided n

Re: Question for CA representatives about PKCS#10 CSRs you accept

2010-07-21 Thread aerowolf
I can tell you that Eddy Nigg's (Startcom) system drops all ATTRIBUTE requests, relying on the CSR simply as a means of knowing what the public key is and proof of possession of the private key. And believe me, it'd be much easier if it didn't. -Kyle H On Thu, Jun 17, 2010 at 11:45 AM, Nelson

Re: How to refresh Firefox keystore

2010-07-05 Thread aerowolf
Wasn't a new version of NSS released (and thus JSS) that had a cert9.db and key4.db? Those are SQLite3 databases, and are the only versions that actively support multiple processes writing to them. -Kyle H On Mon, Jul 5, 2010 at 4:13 PM, james07 wrote: I notice the cert8.db and key3.db fil

Re: "Permanently store this exception" selected by default

2010-06-06 Thread aerowolf
File a bug. (If we're going to annoy the users every time they first encounter a security exception, we might as well go whole-hog and do it every time they encounter a security exception.) -Kyle H, the embittered On Fri, Jun 4, 2010 at 7:21 PM, TEO Tse Chin wrote: Hello, I encountered an

Re: Problems importing PKCS #12 client certs

2010-03-07 Thread aerowolf
On Thu, Mar 4, 2010 at 6:42 AM, Eddy Nigg wrote: Chris Hills wrote: Perhaps there is place for a fork of firefox (perhaps an "enterprise" version) that uses the windows certificate store and dispenses with the local certificate store. I understand that support for MSI installation is already

Re: Certificate usage guide

2009-11-05 Thread aerowolf
Let's see. Difficulties: Everything. Management of expired certificates, both your own and others'. Management of revoked certificates, both your own and others'. Management of keys. Management of certificate requests. Management of multiple certificates with differing Subjects, on a bro

Re: why no client cert validation in Firefox

2009-10-07 Thread aerowolf
On Wed, Oct 7, 2009 at 4:11 PM, Ian G wrote: I *know* that it does not check that the cert is issued by a CA that is trusted for client auth, because in Firefox, NO CAs are trusted for client auth.  (Does that surprise you?) Yes! why? Firefox doesn't have clients, so it doesn't need to au

Re: S/MIME in Thunderbird (and why its assumptions are bogus)

2009-07-10 Thread aerowolf
2009/6/26 Michael Ströder : Nelson B Bolyard wrote: But only a small minority of mail users use MUAs that reside on their own computers today.  Webmail rules, That might be true in the U.S. It's not true here in Germany. and entrusting your private key to your free webmail provider makes n

Re: S/MIME in Thunderbird

2009-06-25 Thread aerowolf
I really hate the licensing on that add-on, by the way -- it flies in the face of what freedom is, and they call it the "doubly-free" license by removing the freedom associated with the GPL? -Kyle H On Thu, Jun 25, 2009 at 2:31 AM, Gervase Markham wrote: On 24/06/09 23:49, Nelson B Bolyard wr