the problem was being reported against linux, and reported it
against the linux version. If some other version is involved, please
correct that bug report.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http
of money.
4/ All of the above
Two buttons: rip me off, protect me from the rip off
would undoubtedly change user responses.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
from the older Netscape browsers,
and much of the original Netscape documentation on this subject still
applies. Look at
http://wp.netscape.com/eng/security/comm4-keygen.html
http://wp.netscape.com/eng/security/comm4-cert-download.html
You can ask more questions here.
--
Nelson B
intercept the request to ugprade to TLS and return a response saying that
it cannot do so. The client will then continue without any SSL/TLS at all.
Even SSL2 isn't that bad!
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http
the potential
use of 40-bit ssl2 ciphers, then disable the 40-bit ciphers.
Thanks for your advise but the fact is that we can do one thing : It is
to change some things on mozilla ... not one some servers in the world
which don't want to upgrade...
Thanks for your advice.
--
Nelson BSSL/TLS
.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
in case of *root* cert compromission.
There's nothing above it to sign the validity information.
Can't it revoke itself?
Ah, I was wondering when paradoxes would enter this discussion.
CA self revocation: Everything I say is a lie.
I think not said Descartes, who promptly vanished.
--
Nelson B
+SSL3 capable servers implement that rollback attack
detection. I'd guess that the server you used is one of those that does not.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
, and (I gather)
they think their users don't need those things either.
So, why do they bother with https at all?
If it's so much bother, and not offering any protections they need,
why do they bother? Are they stupid?
--
Nelson B
___
Mozilla-security mailing
Public finally understands
that he has to stop HIMSELF from giving away his assets.
self-issued certa and oppotunistic encryption do NOTHING to help out
those 299/300 BTW. They don't need more encryption. They need to know
when to stop.
--
Nelson B
The connection was established, but no data was ever received.
See
http://lxr.mozilla.org/aviary101branch/source/netwerk/base/public/nsNetError.h#186
Since that is not a security error, this is probably not the right newsgroup
to discuss it. But I don't know what group is the right one.
--
Nelson B
the webmaster.
Error 404
www2.futureware.at
Sun May 8 08:45:28 2005
Apache/2.0.50 (Linux/SUSE)
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
of his statement for yourself at http://certs.mozdev.org/
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
of them want to lose market share to the others.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Ian G wrote:
Nelson B wrote:
Ian G wrote:
(OTOH, something like SSLv2 v. SSLv3/TLSv1 is stopping
people elsewhere using crypto.
What are you talking about?
This one:
[here I have snipped an old message of mine that says that SSL2
servers are hindering the rollout of new optional TLS
Ian G wrote:
(OTOH, something like SSLv2 v. SSLv3/TLSv1 is stopping
people elsewhere using crypto.
What are you talking about?
Stopping people using
crypto should be a hanging offence. Come the revolution,
they will be the first against the wall...)
iang
--
Nelson B
behavior.
Out of the box, it's geared to Joe.
But Terry finds the button in the prefs to enable advanced mode.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Ram0502 wrote:
Ian G wrote:
This is something that Julien brought up and Amir
addressed by setting the border at the CA. As the
user identifies a particular CA as good, the security
app module accepts any cert from that CA.
Nice practical solution.
Except that it creates a monopoly situation for
Is there a way to turn off punycode for Seamonkey users?
If so, what is it, and
where is that information found on www.mozilla.org?
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla
for NSS questions.
Your assertion that apps must find and load that module is not true.
NSS looks through a list of places for it. If the app wants
to store it somewhere else, the app must tell NSS where it is.
--
Nelson B
___
Mozilla-security mailing
. But PSM is an
orphan. You're doing more to help PSM than has been done in a long time,
and I (for one) appreciate it. I just wish your work was going into the
main mozilla PSM source, rather than into an offshoot.
--
Nelson B
___
Mozilla-security mailing
HJ wrote:
Do you visit SSL protected sites with International Domain Name?
If that's a Yes, can you please add/e-mail the URL?
Darn, I just need one for testing :-(
Does https://www.xn--theshmogroup-bgk.com/ satisfy your need?
--
Nelson B
___
Mozilla
security issues in the UI.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
.
--
Nelson B
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
, and so is probably irrelevant here.
--
Nelson B
12345678901234567890123456789012345678901234567890123456789012345678901234567890
0112233445566778
___
Mozilla-security mailing list
Mozilla
Nebergall, Christopher wrote:
In Apache and IIS you can specify Optional SSL Client authentication.
If Optional Client Authentication is specified should/does Mozilla
prompt the user for their PIN to access their certificates?
mozilla lets the user configure several things about SSL client
.
-Christopher
Your server must be configured to send a list of the names of the CAs that
it trusts to issue client auth certs. Mozilla will not prompt you if you
have no certs issued by any CAs in that list.
--
Nelson B
___
Mozilla-security mailing list
Henrik Gemal wrote:
Can we still get it in Firefox 1.0? That would be great!
It's too late:
http://gemal.dk/blog/2004/10/26/tdc_oces_certifikat_ikke_i_mozilla_firefox_10/
Please provide an english translation.
I haven't found any web site to translate Dansk into English. :-(
and never reuse
sessions. If you want your server to never reuse sessions, you should
make it behave that way.
--
Nelson B
___
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
.
But if that works, it's only a workaround, and we should still find and
fix the cause.
--
Nelson B
___
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
to netscape.public.mozilla.crypto.
The crypto people read that group more than this one.
--
Nelson B
. What
can I do? And any other ways?
Great question to ask in n.p.m.crypto! Please ask it there.
I recently wrote some code to do this for someone else who asked a similar
question. I'll post it in n.p.m.crypto when I return to the office in a
couple days.
--
Nelson B
.
The problem isn't lack of concern. It's lack of countermeasures that
cannot be defeated trivially by anyone who can download a patcher
program. Who wants to invest in ineffective countermeasures?
--
Nelson B
Michel D'Hooge wrote:
BTW, what is the format for obfuscation?
It's ordinary base-64 encoding.
Is it simple to convert it back to plain text?
Sure, just run it through any base-64 decoder tool, such as NSS's atob program.
--
Nelson Bolyard
Disclaimer: I
Ben Bucksch wrote:
Nelson B. Bolyard wrote:
Decisions about whether a file is safe for some purpose should be made
based on the MIME content type, not the file name or extension.
Tell that MS Windows :-(.
Netscape communicator was able to ignore the file name extension and
look up
michael lefevre wrote:
In article [EMAIL PROTECTED], Nelson B. Bolyard wrote:
Decisions about whether a file is safe for some purpose should be made
based on the MIME content type, not the file name or extension.
mozilla should always make the MIME content type easily accessible
Ulrich Eckhardt wrote:
Hi,
today i had received a suspicious e-mail with an attachement
(using Mozilla 1.2.1).
The filename is displayed as readme.xls (and 3 dots wich can
be easily overlooked). After having a closer look in the headers,
the full name of this attachement is
Mel wrote:
I'm really hosed and didn't know where else to turn to.
I need to extract a stored password, I chained the password to one of my
servers just before going on vacation and forgot it, here's info that
might help, thanks.
Did you forget the mozilla master password that you use
Mel, I sent your your password via a feedback page on your personal web site.
If you can't find it or cannot access it, write to my netscape email address.
Oh, and you should change that password again ASAP. It's no secret since
you posted it.
--
Nelson B
TGOS wrote:
On Wed, 13 Nov 2002 19:09:00 -0800 Nelson B. Bolyard
[EMAIL PROTECTED] wrote in netscape.public.mozilla.security:
The request is based on a false premise, that the key is
derived from the master password. The key is NOT derived from the master
password.
Then Mozilla
to netscape.public.mozilla.crypto
--
Nelson B
.
-Subhash
Nelson B. Bolyard [EMAIL PROTECTED] wrote:
Was this with PSM 1.x? or PSM 2.0 ? or ??
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
Subhash Chopra wrote:
Outputs from SSLDump with Mozilla
Subhash Chopra wrote:
Outputs from SSLDump with Mozilla and various other browsers (ie IE,Opera
etc) revealed the following facts:
In case of a HTTPS request for a web site with say 4 gifs, mozilla opens up 4
TCP connections and do the SSL handshake including the clientkeyexchange,
43 matches
Mail list logo