Nicolas Roumiantzeff wrote:
>
> Stephen,
>
> >Well I'm one person who distrusts ActiveX and with good reason.
> >I know of some ActiveX controls signed by Microsoft that open up
> >security holes: one allows you to run arbitrary code.
>
> You don't need to install ActiveX to get security holes,
Stephen,
>Well I'm one person who distrusts ActiveX and with good reason.
>I know of some ActiveX controls signed by Microsoft that open up
>security holes: one allows you to run arbitrary code.
You don't need to install ActiveX to get security holes, there is plenty
enough in IE itself ;-)
Su
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr. Greg Quinn
> Sent: Saturday, 8 January 2000 11:04
> To: [EMAIL PROTECTED]
> Subject: Re: Seeking officers for Free-software-friendly CA
>
>
> On Fri, 7 Jan 2000, Michae
On Fri, 7 Jan 2000, Michael Sierchio wrote:
> jon hale wrote:
> >
> > I am curious about the expiration of this patent. Does it definitely expire?
>
> September 20, 2000.
I recall someone a while back posting to this list that it actually
expires in October and not September as commonly thought;
Stephen,
> When you add a CA via an API call from ActiveX control or any other
> method in IE you still can get a series of dialog boxes asking you first
> if you want to download the control. AFAIK you always get a box asking
> whether you want to add the root CA.
>
> With Netscape the method of
Leland,
> Here is the issue - installing a CA manually provides no more trust than accepting a
>self-signed CERT.
>
> There is also a big downside to installing a CA manually - if the user accepts a CA
>by accident or misintention, that user is open [open = accepting a secure connection
>witho
jon hale wrote:
>
> I am curious about the expiration of this patent. Does it definitely expire?
September 20, 2000.
> Can it be renewed?
Thank GATT, no.
__
OpenSSL Project http://www.openssl.org
U
Nicolas Roumiantzeff wrote:
>
> Yes I think both solutions are equivalent from a crypto point of view and are
> both definitively better than installing manually a CA cert through an
> unsecured download.
>
> There might be two practical differences though:
>
> 1) I am not sure that the browser (IE
Chown previous message, I think Pete and Steve are
describing exactly the same scheme.
-Original Message-
From: Dr Stephen Henson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday 7 January 2000 10:59
Subject: Re: Seeking officers for Free-sof
Nicolas Roumiantzeff wrote:
>
>
> In the solution I suggested, the CA cert is not installed manually (as when
> you connect to an SSL server which is not "chained" to a trusted CA of the
> browser) but installed automatically (by an ActiveX or a Netscape Plug-in
> using SmartUpdate). Did you get
ary 06, 2000 9:16 AM
Subject: Re: Seeking officers for Free-software-friendly CA
>
>On Wed, 5 Jan 2000, Leland V. Lammert wrote:
>
>> ...
>
>
>authority would be very helpful. I think it's going to be inevitable with
>the expiration of the RSA patent in October
>One problem with this scenario - the user is still essentially trusting
YOUR server instead of the CA. By trusting your server to install the proper
CERT you are no worse (to the user) than using a self-signed CERT (which we
do).
Lee,
I don't see your point:
First, you mean "you are no BETTER
At 01:22 PM 1/4/00 , you wrote:
>One solution to the fact that the new CA is not embedded in IE nor Netscape is
>to:
>
>
>
>Nicolas Roumiantzeff.
Nicolas,
One problem with this scenario - the user is still essentially trusting YOUR server
instead of the CA. By trusting your server to install the
: Theodore Hope <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday 26 December 1999 20:37
Subject: Re: Seeking officers for Free-software-friendly CA
>Stefan,
>
>> At first, Netscape was very fa
Dr. Greg Quinn wrote:
> A big limitation as far as I can see would be getting certs
> pre-installed into web browsers. The chance of either MS or
> netscape doing this would be close to none.
Yes. On the other hand, there is a way of giving people a trusted
copy of the root certificate without
Stefan Kelm wrote:
>
> Ciao Massimiliano,
>
> > We can ask the ICE-TEL (ICE-CAR) project for a certificate as they have
> > already a place in the Netscape base cert directory (I think) and are the
> > European Research project about security/certificates/CAs/etc...
>
> ICE-CAR is the success
Ciao Massimiliano,
> We can ask the ICE-TEL (ICE-CAR) project for a certificate as they have
> already a place in the Netscape base cert directory (I think) and are the
> European Research project about security/certificates/CAs/etc...
ICE-CAR is the successor of ICE-TEL and is "a" European Re
Theodore,
> The big problem here is getting Micro$oft and Netscape/AOL to agree to put
> this new CA's root into their browsers. Otherwise, it's not going to be
Well, neither Microsoft nor Netscape will "agree" unless you pay A LOT of
money. We've been in touch with both companies for the past
Lutz Jaenicke wrote:
> On Wed, Dec 22, 1999 at 10:40:56AM -0800, Dr. Greg Quinn wrote:
> > I think a free CA would be great. I really wish there was an academic
> > institution initiative. A big limitation as far as I can
> > see would be getting certs pre-installed into web browsers.
> > The chanc
Well..the discussion so far shows that
1. there ARE technical solutions
2. there are NO practical solutions regarding the TRUST
which you can put into such a CA (being registered
by any authority isn't enough, as I won't EVER trust an
authority which gives certificates to ANYBODY)
Obvio
Perhaps because the hostname in the cert is for secure.openca.org,
even though it's a CNAME for the same host. Try https to
secure.openca.org and see if you have better results.
Brian
"James B. Huber" wrote:
>
> Thomas Reinke writes:
> > Sorry for taking this off-thread - is anyone else able
>
"James B. Huber" wrote:
> Yes,
> But I've never been able to do https with it.
Please, try now.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
Lutz Jaenicke wrote:
> So much for now, I am not enthusiastic that just because we have OpenSSL
> and/or OpenCA we will easily get a real CA for nothing.
> (I personally can be optimistic, because there is the DFN-PCA described above,
> but I don't know which other institutions offer such service
"Dr. Greg Quinn" wrote:
>
> I think a free CA would be great. I really wish there was an academic
> institution initiative. A big limitation as far as I can
> see would be getting certs pre-installed into web browsers.
> The chance of either MS or netscape doing this would be close to none.
> If m
At 12:40 PM 12/22/99 , you wrote:
>I think a free CA would be great. I really wish there was an academic
>institution initiative. A big limitation as far as I can
>see would be getting certs pre-installed into web browsers.
>The chance of either MS or netscape doing this would be close to none.
>If
Thomas Reinke writes:
> Sorry for taking this off-thread - is anyone else able
> to actually connect to http://www.openca.org ? We've
> shown it being down (IP not pingable) for the last
> couple of attempts we've made at reaching it...
>
Yes,
But I've never been able to do https with it.
On Wed, Dec 22, 1999 at 10:40:56AM -0800, Dr. Greg Quinn wrote:
> I think a free CA would be great. I really wish there was an academic
> institution initiative. A big limitation as far as I can
> see would be getting certs pre-installed into web browsers.
> The chance of either MS or netscape doin
> > With the absorption of Thawte into Verisign, we're concerned that the only
> > remotely free-software-friendly commercial CA will change its policies. The
> > lack of competition bothers us too. So, let's do something about it. A good
> > CA could do more for free software than we've seen so f
I think a free CA would be great. I really wish there was an academic
institution initiative. A big limitation as far as I can
see would be getting certs pre-installed into web browsers.
The chance of either MS or netscape doing this would be close to none.
If my experience is anything to go by, as
Thomas Reinke wrote:
>
> Sorry for taking this off-thread - is anyone else able
> to actually connect to http://www.openca.org ? We've
> shown it being down (IP not pingable) for the last
> couple of attempts we've made at reaching it...
It seems we lost connectivity with the outworld... we are
c
Sorry for taking this off-thread - is anyone else able
to actually connect to http://www.openca.org ? We've
shown it being down (IP not pingable) for the last
couple of attempts we've made at reaching it...
>
> I think that if we receive support, we are going to setup a free certification
> syst