Re: Sendmail and openssl

2001-09-26 Thread Claus Assmann
On Wed, Sep 26, 2001, Darrin Powell wrote: I have a question about using ssl for sendmail. Can you run secure email via ssl wrapper of some sort and nonsecure email no ssl wrapper at the same time? Reason being is to have both running to migrate off of regular mail to secure mail. If

Re: Client Authentication Problem

2001-09-26 Thread Michael Sierchio
Eric Rescorla wrote: There are a number of situations where one wishes to authenticate clients based on their DNS names: (1) SMTP/TLS. (2) Secure remote backup. In such cases the clients often (though not always) have fixed IPs. Well, I'll be happy when IPv6 is ubiquitous (coming any

Re: Client Authentication Problem

2001-09-26 Thread Götz Babin-Ebell
Eric Rescorla wrote: Götz Babin-Ebell [EMAIL PROTECTED] writes: Don Zick wrote: Hello Don, I'm not actually using DNS at all. For the application I'm working with the TLS clients and servers must be statically configured with a Fully

Re: Client Authentication Problem

2001-09-26 Thread Eric Rescorla
Michael Sierchio [EMAIL PROTECTED] writes: Eric Rescorla wrote: There are a number of situations where one wishes to authenticate clients based on their DNS names: (1) SMTP/TLS. (2) Secure remote backup. In such cases the clients often (though not always) have fixed IPs.

Re: Client Authentication Problem

2001-09-26 Thread Eric Rescorla
Götz Babin-Ebell [EMAIL PROTECTED] writes: And how gets he the connection IP-Address - FQDN ? -He uses DNS. I think you need to reread his message since that's not what he says. If he wants to allow user XYZ presenting certificate C_XYZ to do some things, all he has to do is look in an

Re: Client Authentication Problem

2001-09-26 Thread David Schwartz
On Wed, 26 Sep 2001 09:43:02 -0700, Michael Sierchio wrote: Don Zick wrote: I have recently started using OpenSSL. (I have found the SSL and TLS book by Eric Rescorla to be invaluable.) I am having a problem with client authentication. After a successful SSL_accept() I have some logic that

Re: 0.9.6b Engine and IBM HTTP Server AXL300

2001-09-26 Thread Steven A. Bade
On Wed, Sep 26, 2001 at 06:46:34PM +0100, Richard Grey wrote: Hello, I've got and compiled OpenSSL-engine-0.9.6b on Windows 2000 using nmake -f ns\ntdll.mak. Great. Question is, now what do I do ? I can't find any documentation on what to do next. I'm trying to

Re: Client Authentication Problem

2001-09-26 Thread Götz Babin-Ebell
Don Zick wrote: Hello Don, I'm not actually using DNS at all. For the application I'm working with the TLS clients and servers must be statically configured with a Fully Qualified Domain Name. I match up the statically configured FQDN for a client with the DNS name from the client's

Re: Client Authentication Problem

2001-09-26 Thread Michael Sierchio
David Schwartz wrote: Sufficient for what? I may not want to send my credit card information to anyone who has a Verisign certificate, but I might be willing to send it to someone who has a Verisign certificate for 'www.amazon.com' or has that listed as one of the alternate names.

Re: Client Authentication Problem

2001-09-26 Thread David Schwartz
On Wed, 26 Sep 2001 15:21:09 -0700, Michael Sierchio wrote: David Schwartz wrote: Sufficient for what? I may not want to send my credit card information to anyone who has a Verisign certificate, but I might be willing to send it to someone who has a Verisign certificate for

RE: Please help me!

2001-09-26 Thread Ryan Hurst
Valery -- This field in a certificate points to where the issuer will make its certificate revocation list available. If you are using OpenSSL or OpenCA (based off of OpenSSL) to issue your certificates you will want to probably put up a web server or LDAP capable directory where you can

Signing Browser Client Certificates

2001-09-26 Thread Christopher L. Everett
Hello again: I read the OSPKI book, which pointed me at the sign.sh script which helped quite a bit. I'm wondering if anyone can help me with a few specifics. So far, how I understand a certificate request gets signed is: 1) put the CSR into a file. 2) generate a configuration file that