Re: pkcs12 export password incorrect

2006-12-08 Thread Dr. Stephen Henson
On Fri, Dec 08, 2006, Chris Covington wrote: > On 12/8/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > >> Windows allows up to 32 character passwords. It seems when openssl > >> exports a 32 character password pkcs12 file, Windows does not > >> recognize the results, which is unfortunate in m

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
On 12/8/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > Windows allows up to 32 character passwords. It seems when openssl > exports a 32 character password pkcs12 file, Windows does not > recognize the results, which is unfortunate in my case because I > specifically need a 32 character pas

Re: pkcs12 export password incorrect

2006-12-08 Thread Dr. Stephen Henson
On Fri, Dec 08, 2006, Chris Covington wrote: > On 12/8/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > >On Fri, Dec 08, 2006, Chris Covington wrote: > > > >> pps - if I import the openssl pkcs12 bundle with a 31 character > >> password, then export it using the Windows GUI with a 32 character

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
On 12/8/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: On Fri, Dec 08, 2006, Chris Covington wrote: > pps - if I import the openssl pkcs12 bundle with a 31 character > password, then export it using the Windows GUI with a 32 character > password, that 32 character password works as well. How

Re: pkcs12 export password incorrect

2006-12-08 Thread Dr. Stephen Henson
On Fri, Dec 08, 2006, Chris Covington wrote: > pps - if I import the openssl pkcs12 bundle with a 31 character > password, then export it using the Windows GUI with a 32 character > password, that 32 character password works as well. How can I get > openssl to sign these 32 character export passw

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
pps - if I import the openssl pkcs12 bundle with a 31 character password, then export it using the Windows GUI with a 32 character password, that 32 character password works as well. How can I get openssl to sign these 32 character export passworded pkcs12 bundles in a Windows-compatible way? I'

Re: pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
ps - the openssl Export password can be up to 31 characters. Once I hit that 32nd character, Windows doesn't recognize the password. However, if I use the Active Directory CA, I can correctly import the 32 character password? Chris ___

pkcs12 export password incorrect

2006-12-08 Thread Chris Covington
Hello all, I've created pkcs12 bundles for Windows clients: openssl pkcs12 -export -out w09prntec09.p12 -in w09prntec09.cert.pem -inkey w09prntec09.key.pem -passout pass:AE5B7FDA7ED10248B257F3F1B23A3AFE When I try to import the pkcs12 bundle file into Windows, Windows (XP, 2000, 2003) tells me

Re: HTTPS security model

2006-12-08 Thread Olivier Mascia
Hello, Le 08-déc.-06 à 14:48, Victor Duchovni a écrit : Yes, the security of unauthenticated TLS is rather questionable. I, the guy who asked an innocent question at first in this long thread, have well understood this point from the very first two answers I got in this thread and passed

Re: HTTPS security model

2006-12-08 Thread Kyle Hamilton
On 12/8/06, David Schwartz <[EMAIL PROTECTED]> wrote: I think that's kind of a crazy thing to say. For what possible reason would Microsoft want my credit card information to leak to a cracker? For what possible reason would Microsoft want my computer to be hijacked? It's unlikely that MS woul

Re: HTTPS security model

2006-12-08 Thread Victor Duchovni
On Fri, Dec 08, 2006 at 04:15:15AM -0800, David Schwartz wrote: > > > Actually, David, the truth is that your really not getting these > > guarentees that > > your looking for. > > Correct. In a technical sense, *you* do not get the guarantees, your end of > the HTTPS connection does. Whether yo

RE: HTTPS security model

2006-12-08 Thread David Schwartz
> Actually, David, the truth is that your really not getting these > guarentees that > your looking for. Correct. In a technical sense, *you* do not get the guarantees, your end of the HTTPS connection does. Whether you choose to trust your end or not is a separate issue. > The problem is that t

Re: HTTPS security model

2006-12-08 Thread Ted Mittelstaedt
- Original Message - From: "David Schwartz" <[EMAIL PROTECTED]> To: Sent: Thursday, December 07, 2006 6:49 PM Subject: RE: HTTPS security model > > > OK, I'm going to take a humourous punch at what you just said; if > > authentication and authorization are the same thing, why are both