Excellent. That's exactly what I was looking for. Sorry for missing
that down at the bottom.
Thanks again,
Pete
On 4/8/20 12:34 PM, Matt Caswell wrote:
>
> On 08/04/2020 17:11, Pete wrote:
>> By any chance has there been any discussion yet regarding what will and
>> wil
would
help us in planning. Something to put on a slide that says when we
might know if we have additional work to do and what it might be.
Thanks again very much for all you're doing,
Pete
d.
Thanks again,
Pete
On 3/24/20 10:19 AM, Matt Caswell wrote:
>
> On 24/03/2020 14:06, Pete wrote:
>> Hello,
>>
>> I have two questions regarding support for FIPS in 3.0. We're currently
>> working on early planning for our migration to OpenSSL 3.0 and we're
M will not be as involved as it
used to be?
The second question is somewhat related. Has there been a decision yet whether
the FOM 3.0 will go through a 140-2 or a 140-3 validation?
Thanks,
Pete
est wishes.
--
Pete Cooper
p...@pragmatika.net
https://pragmatika.net
Please note: my working hours may not be your working hours. Please do not feel
obligated to reply outside of your normal work schedule.
o go form here would be much appreciated
- Pete - [EMAIL PROTECTED]
If you use Outlook to receive your messages then in tools message rules you
can set Outlook to delete the messages on the mail server before they are
downloaded to your machine - or filter them and delete them. Annoying aren't
they!
- Original Message -
From: "Ricardo Ramos Massaro" <[EMAI
MD2, for example.
--
Pete
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
ame block size.
OpenSSL seems to support MDC2 with DES for use in signature
algorithms, but I don't know who uses this or where it is documented.
--
Pete
__
OpenSSL Project
will store
used seeds for a certain period; otherwise a seed might be accepted
erroneously if the client's clock was out of synchronisation with the
server's.
--
Pete
__
OpenSSL Project htt
Geoff Thorpe wrote:
> Which leaves
> the mathematical consideration of the multi-prime keys themselves, and
> their generation, to be debated (ie. I doubt the patent could rest on an
> argument that it is a physical process, or an implementation invention,
> because that should bang its head on t
Salz, Rich wrote:
> > Pls excuse my silly question. Can anyone kindly tell me that does
> > signatures have fixed lengths, or not.
>
> For RSA sizeof(sig) == sizeof(key)
For DSA, the signature is 320 bits -- two numbers the size of the
small modulus. For ElGamal the signature is twice the leng
Dr. Greg Quinn wrote:
> A big limitation as far as I can see would be getting certs
> pre-installed into web browsers. The chance of either MS or
> netscape doing this would be close to none.
Yes. On the other hand, there is a way of giving people a trusted
copy of the root certificate without
Leland V. Lammert wrote:
> I don't think you have placed OpenSSL in the proper
> perspective. OpenSSL is a *toolkit* used primarily with OTHER
> applications.
Most toolkits have documentation, though. Developers need to know how
to use the product just like anyone else. For an example, see the
Kristian Köhntopp wrote:
> Now, where do I find a free SSLified IMAP server, please? ;-)
It depends if you want the old or new version of the protocol. The
old version has a different port number for secured IMAP; the new one
doesn't. If you want the new version, you could have a look at
SafeG
At long last, here is the first beta release of SafeGossip, which
implements the new RFCs and Internet drafts for telnet, FTP, IMAP, POP
and SMTP over TLS.
Here are some of the new features:
* Telnet support is now implemented according to the Internet draft.
* You can now configure SafeGossip u
Jeffrey Altman wrote:
> How are you mapping a client cert to a local Unix account name?
>
> Are you using a field within the cert? If so, which one(s)? Are
> different fields used for different services?
>
> Or are you using some form of Certificate MApping Service which takes
> a validated c
Joe Pruett wrote:
> did you ever find a way to do this? i am just starting down the same
> road. pgp licensing is way out of control for commercial use nowadays
> ($9500!).
If you want to do PGP-style messages for commercial use, you are
probably best off with the GNU Privacy Guard (www.gnupg.
Some of you have been asking about my package which implements various
protocols over TLS. Here is an alpha release. I have called the
package SafeGossip, or Gossip for short.
Currently the protocols implemented are FTP, telnet (sort of), IMAP,
SMTP and POP. Gossip supports both the old and ne
"Roth, Leland" wrote:
> 2) Can anyone point to a decent 'SSL ftp' standalone program? I might
> couple that with some Perl to build a workable solution.
Of course FTP over SSL is only an Internet draft at present. However I
am currently working on implementing it (as well as telnet, pop, imap
a
Craig Idler wrote:
> Has someone done something like this in the past? It seems an ssl enabled
> telnet program could do this. It's so easy to use basic telnet talking to port
> 80, but using something that communicates with port 443 is a different story.
Try "openssl s_client". This is similar
Dave Neuer wrote:
> RSADSI seem to have a propensity for casting information in a decidedly
> pro-RSADSI light. Kind of like the way they convinced the IETF that the
> licensing for RSA would always be "affordable and non-discriminatory."
Interestingly one of the RFCs says that the licence fee
Martin Ouwehand has some very useful scripts at:
Martin Ouwehand has some wonderful example scripts at:
http://cognac.epfl.ch/SIC/SL/CA/
You will need to change references to SSLeay to OpenSSL.
It works for Netscape, but I'm having trouble with loading MSIE 5 certs.
Pete
-Ori
This helps. Thanks. Since the browser created the public/private key pair,
it would have put the public key in the Certificate Request, correct?
How do I associate the private key for this request with the cert (and where
is the private key stored)?
Here is the VB code I use (not original)
when I set up my server
to require Client Certs signed by me, it can't find the one it says it
imported.
Anyone have any suggestions?
Thanks,
Pete Palmer
__
OpenSSL Project http://www.openssl.o
s being implicit in the fact that a user possesses a
certificate. (It is often said that certificates should only be used to
vouch for identity and not as a basis for access control decisions. Of
course in practice people do not always keep to this.)
--
Michael Urban wrote:
> Perhaps a file mapping a certificate subject name to a local
> username is a better solution. The certificate can be used at sites
> with different usernames that aren't known at certificate issue time,
> and doesn't require extra baggage in the certificate.
This might wo
27 matches
Mail list logo
