Juergen Rensen wrote:
>
> M2c: Credit card organizations and banks have successfully generated the
> image that strong encryption protecting from fraudaulent use of credit
> cards is solely in the interest of the customer. What the customer is
Hmm...I suspect its actually in the interest of t
M2c: Credit card organizations and banks have successfully generated the
image that strong encryption protecting from fraudaulent use of credit
cards is solely in the interest of the customer. What the customer is
actually protected from is an increase in credit card fees, since the CC
organi
Paul Rubin wrote:
>
> Well the CA *is* preloaded and Verisign just sign a bank subordinate CA
> using the global ID root. The subordinate CA can then issue global
> server IDs of its own but (presumably) no further global ID CAs because
> of a path length restricti
Hello,
Can someone explain to me how to create CA? is it possible to use own CA or
has to be issued from verisign and others?
I have been trying to setup my own CA using "make certificate TYPE=custom"
everything was fine except when I try to connect from browser it shows some
warning says that the
Well the CA *is* preloaded and Verisign just sign a bank subordinate CA
using the global ID root. The subordinate CA can then issue global
server IDs of its own but (presumably) no further global ID CAs because
of a path length restriction.
Stephen, are you saying
But what I'm trying to do is use a (signed) public key to
encrypt some data, ship it off somewhere else, and the
destination to decrypt it with the corresponding private
key. However, it doesn't seem that I'm really able to do that
using the openssl command
Hi,
I am using an openssl in the commercial product. As we should get license for
using RSA we were talking with RSA about the terms of licensing. The RSA person
I was talking to says that they can not sell the license for RSA usage
with an OpenSSL and that we have to buy their BSAFE product. Doe
> What about if a recognized CA (such as Thawte) tries to issue GSID's?
> Are there special bits in the Verisign root that's shipped with the
> browser? Or only in the intermediate CA cert that signs the actual
> GSID?
This is all explained fairly well in the mod_ssl package.
/r$
__
On Fri, 23 Apr 1999, Dr Stephen Henson wrote:
> Well the CA *is* preloaded and Verisign just sign a bank subordinate CA
> using the global ID root. The subordinate CA can then issue global
> server IDs of its own but (presumably) no further global ID CAs because
> of a path length restriction.
Br
Forgive the dumbness, please.
Does one overlay the original source build tree with the daily snapshot &
re-build?
Or is it more complex than that? (On NT).
Regards,
Dan O'D
__
OpenSSL Project h
>I believe Verisign has certified some US banks to issue their
>own global server IDs by siging a CA certificate with their
>global server root, and with suitable path length protection.
I don't think that helps. In order to do be a "step-up CA" you
have to
Yes, you can't use an end user certificate as a CA (well there was this
one broken one you could...) with most software because it isn't marked
as being a valid CA. Either by having the CA flag set to FALSE in
basicConstraints or implicitly because basicConstraints
Does anyone have code to demonstrate a simple SSL client/server?
The best documentation I was able to find is at
http://www.columbia.edu/~ariel/ssleay/
and even that documentation is sparse and out of date.
following the documentation at
http://www.columbia.edu/~ariel/ssleay/ssl_ctx.html
to creat
This is a question more to do with private/public keypair encryption and
decryption than it does with the SSL protocol..
But what I'm trying to do is use a (signed) public key to encrypt some
data, ship it off somewhere else, and the destination to decrypt it with
the corresponding private key.
Salz, Rich wrote:
>
> >I believe Verisign has certified some US banks to issue their own global
> >server IDs by siging a CA certificate with their global server root, and
> >with suitable path length protection.
>
> I don't think that helps. In order to do be a "step-up CA" you have to get
> th
Buchs Christian wrote:
>
> Hi,
>
> In his message
> http://www.mail-archive.com/openssl-users@openssl.org/msg00298.html
> about DH Key Exchange, Bodo Moeller wrote:
>
> > ... where RSA is
> > replaced by DSA (the specification calls those methods "DHE_DSS" and
> > "DH_DSS", unfortunately -- "DH
> I am trying to build OpenSSL (to be followed by mod_ssl and Apache) on an
> Ultrix 4.4 system, for the first time. I have followed the installation
> instructions as far as I can see, but the build is failing due to the names
> LOG_CONS and LOG_DAEMON being undefined, as follows :
That was fixe
Hi,
In his message
http://www.mail-archive.com/openssl-users@openssl.org/msg00298.html
about DH Key Exchange, Bodo Moeller wrote:
> ... where RSA is
> replaced by DSA (the specification calls those methods "DHE_DSS" and
> "DH_DSS", unfortunately -- "DHE_DSA" etc. would make more sense).
> I'm n
>Yes, you can't use an end user certificate as a CA (well there was this
>one broken one you could...) with most software because it isn't marked
>as being a valid CA. Either by having the CA flag set to FALSE in
>basicConstraints or implicitly because basicConstraints is absent and
>probably not
Ben Laurie wrote:
>
> Juergen Rensen wrote:
> >
> > Hi,
> >
> > I understand that the Global ID cert actually consists of two chained
> > certificates. Is there a way that someone with a valid Global ID (ie a
> > bank) can sign a new certificate (ie for a merchant server) which will
> > cause bro
I am trying to build OpenSSL (to be followed by mod_ssl and Apache) on an
Ultrix 4.4 system, for the first time. I have followed the installation
instructions as far as I can see, but the build is failing due to the names
LOG_CONS and LOG_DAEMON being undefined, as follows :
I took the following
Juergen Rensen wrote:
>
> Hi,
>
> I understand that the Global ID cert actually consists of two chained
> certificates. Is there a way that someone with a valid Global ID (ie a
> bank) can sign a new certificate (ie for a merchant server) which will
> cause browsers to use strong encryption when
> and ended up replacing it with another version a while back.
> It didn't crash but it returned incorrect values.
> So maybe that implementation is buggy. I didn't have time
> to figure out what was wrong, back then.
Perhaps you were using SHA*() instead
23 matches
Mail list logo
