Re: Global PKI on DNS?

2002-06-10 Thread Franck Martin
I see who you are talking about But I think it is an IETF pb to provide an informational RFC to provide a map between certificate DN and DNS namespace and to provide a mechanism to look at CERT and CRL Then it is an ICANN problem to implement on the root-servers and delegate to others...

crl

2002-06-10 Thread aagarwal
Hello all, I had posted this request sometime back. I have created a simple ssl client/server application. I need to add the crl functionality in it too. I'm unable to understand how to go about it. Could someone please tell me how to do it. shine on

Re: How to deal with private key file.

2002-06-10 Thread Averroes
Hi Hu, hu wrote: Hi, all I use a script to run openssl command 'openssl smime' for signing message. For example, running openssl smime -sign -inkey PrivateKey.pem. Then command asks me input pass PEM password. How to avoid giving password in an interactive way, i.e. how to pass password to

Re: Global PKI on DNS?

2002-06-10 Thread Keith Moore
I was wondering if the best system to build a global PKI wouldn't be the DNS system already in place? A global PKI is a Bad Idea. Nobody is sufficiently trustworthy to be the root CA. Keith

Re: Global PKI on DNS?

2002-06-10 Thread Keith Moore
Correction: A single global rooted PKI is a bad idea, a single global (in the namespace sense, not a single system) PKI database where we can look up certificates is a good idea. assuming that you can keep the folks who control the TLDs from trying to sell themselves as authoritative CAs for

Re: Global PKI on DNS?

2002-06-10 Thread Keith Moore
Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here. The worms are out of the can, and I suggest anybody who wants to fight this battle order at least a 4-sizes-larger can these particular worms are still in the can, and it's probably better for everyone if they stay

Re: Global PKI on DNS?

2002-06-10 Thread Michael StJohns
Correction: A single global rooted PKI is a bad idea, a single global (in the namespace sense, not a single system) PKI database where we can look up certificates is a good idea. At 07:39 PM 6/9/2002 -0400, Keith Moore wrote: I was wondering if the best system to build a global PKI

Re: Global PKI on DNS?

2002-06-10 Thread Valdis . Kletnieks
On Sun, 09 Jun 2002 20:57:58 EDT, Keith Moore said: assuming that you can keep the folks who control the TLDs from trying to sell themselves as authoritative CAs for those TLDs, I mostly agree. Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here. The worms are out of the

Re: Global PKI on DNS?

2002-06-10 Thread Valdis . Kletnieks
On Sun, 09 Jun 2002 21:36:08 EDT, Keith Moore said: Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here. The worms are out of the can, and I suggest anybody who wants to fight this battle order at least a 4-sizes-larger can these particular worms are still in the

Re: Global PKI on DNS?

2002-06-10 Thread Arne Ansper
1) short lived certs 2) CRL's published at regular intervals. both involve a regularly-signed short-lived objects. Errr - OCSP? last year we implemented a system that used DNS (with security extensions) to distribute certificate validity information (among other things). it was

OpenSSL 0.9.6a

2002-06-10 Thread Daniela Prestipino
Hi, Where/How can I find the openssl.exe (application file) in the 0.9.6a version? Thanks Daniela -- Daniela Prestipino [EMAIL PROTECTED] I.D.S., Informatica Distribuita e Software srl Via Consolare Pompea 19 98168 Messina ITALIA Tel.: +39 90 353638 Fax : +39 90

Verify a signature

2002-06-10 Thread Andrea Nagar
I need to verify a signature present in an Attribute Certificate (so it's not a standard X.509 certificate). The verifier public key is in a X509 standard certificate (in PKCS#7 format). Can you tell me where I can find the documentation to do it and what are the API required? (if you have some

Strong Authentifikation

2002-06-10 Thread Zamangoer, Ferruh
Hi all, I want know what are advantages and disadvantages of different secure methods. Where can I read something about that. Currently I'm using SSL to secure my data over the network, it's really slow. But which advantages and disadvantages have the SASL Framework. Do anybody know, where I

RE: fragmentation

2002-06-10 Thread Sharon Hezy
Hello to you both. Eric, I have a question regarding what you said (just for interest):- look below... ---Original Message- --From: Eric Rescorla [mailto:[EMAIL PROTECTED]] --Sent: Fri, June 07, 2002 4:20 PM --To: [EMAIL PROTECTED] --Subject: Re: fragmentation -- -- --Oleg Tyschenko

Re: Strong Authentifikation

2002-06-10 Thread Eric Rescorla
Zamangoer, Ferruh [EMAIL PROTECTED] writes: I want know what are advantages and disadvantages of different secure methods. Where can I read something about that. Currently I'm using SSL to secure my data over the network, it's really slow. But which advantages and disadvantages have the

Re: fragmentation

2002-06-10 Thread Eric Rescorla
Sharon Hezy shezy@spearheadsecurity.com writes: --(1) You need to check the MAC which only appears at the end of --the record. Is it right that you still can say that maximum *SSL* record size (not TCP) is about 16K - I don't remember the exact number, but this is the maximum size of