Re: Verisign Problem with smtp tls

2014-01-04 Thread Viktor Dukhovni
On Sat, Jan 04, 2014 at 03:11:16PM -0500, Jeffrey Walton wrote: > > ... A substantive comment that argues that DANE adds > > nothing new to SMTP would begin by explaining in detail how SMTP > > to MX TLS security is possible without DNS data integrity (thus > > making it possible to not trust the

Re: Verisign Problem with smtp tls

2014-01-04 Thread Jeffrey Walton
On Sat, Jan 4, 2014 at 2:42 PM, Viktor Dukhovni wrote: > ... A substantive comment that argues that DANE adds > nothing new to SMTP would begin by explaining in detail how SMTP > to MX TLS security is possible without DNS data integrity (thus > making it possible to not trust the root zone signatu

Re: Verisign Problem with smtp tls

2014-01-04 Thread Viktor Dukhovni
On Sat, Jan 04, 2014 at 07:58:20PM +0100, Michael Str?der wrote: > > While indeed SMTP with DANE TLS relies on DNSSEC to secure the > > MX lookup, it also critically relies on DANE for two additional > > pieces of information: > > > > - Downgrade resistant STARTTLS support signall

Re: Verisign Problem with smtp tls

2014-01-04 Thread Michael Ströder
Viktor Dukhovni wrote: > On Sat, Dec 28, 2013 at 05:56:41PM +0100, Michael Str?der wrote: > >>> http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html#rfc.section.1.2 >>> >>> This is why I am working to implement and standardize SMTP with DANE TLS. >> >> DANE itself does not help.

Re: Verisign Problem with smtp tls

2013-12-28 Thread Viktor Dukhovni
On Sat, Dec 28, 2013 at 12:58:58PM -0600, Bobber wrote: > >Does this modify the ciphers used for all connections, or just for > >the server in question? > > All connections. In that case I would go for the second cipherlist, though still compact, it is a superset of the first and will interoperat

Re: Verisign Problem with smtp tls

2013-12-28 Thread Bobber
On 12/28/2013 12:51 PM, Viktor Dukhovni wrote: Does this modify the ciphers used for all connections, or just for the server in question? All connections. Any suggestions for what ciphers to put in the list besides RC4-MD5? If you read my previous responses on this thread, you'll notice I re

Re: Verisign Problem with smtp tls

2013-12-28 Thread Viktor Dukhovni
On Sat, Dec 28, 2013 at 12:23:21PM -0600, Bobber wrote: > Thanks very much for your help Viktor. I was able to specify the > RC4-MD5 cipher and it works. > > I am using Qmail with the John Simpson patch set by the way. There > is a control file (tlsclientcipher) which John had not documented >

Re: Verisign Problem with smtp tls

2013-12-28 Thread Daode
|SMTP TLS, but I am not obligated to provide a comprehensive |justification in response to every trollish one liner, the above Luckily there is the UDPish EDNS0 extension from RFC 2671 as in The default is 1280 (RFC 2671, 4.5.1.). The minimum is 1024 (RFC 3226, 3.; note: not 1220!). The m

Re: Verisign Problem with smtp tls

2013-12-28 Thread Bobber
On 12/27/2013 03:39 PM, Viktor Dukhovni wrote: There's your problem! This server (likely Exchange 2003) has a broken implementation of 3DES CBC padding (search Postfix users archives for my posts on the subject), and your cipher list is either long enough to cause it to not see RC4-SHA and RC4-

Re: Verisign Problem with smtp tls

2013-12-28 Thread Viktor Dukhovni
On Sat, Dec 28, 2013 at 05:56:41PM +0100, Michael Str?der wrote: > > http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html#rfc.section.1.2 > > > > This is why I am working to implement and standardize SMTP with DANE TLS. > > DANE itself does not help. It just shifts the trust an

Re: Verisign Problem with smtp tls

2013-12-28 Thread Michael Ströder
Viktor Dukhovni wrote: > With SMTP, PKIX certificate verification is pointless without explicit > per-destination configuration: > > http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html#rfc.section.1.2 > > This is why I am working to implement and standardize SMTP with DANE TLS.

Re: Verisign Problem with smtp tls

2013-12-27 Thread Viktor Dukhovni
On Fri, Dec 27, 2013 at 04:11:40PM -0600, Bobber wrote: > > > TLS started w/ cipher DES-CBC3-SHA > > > >There's your problem! This server (likely Exchange 2003) has a > >broken implementation of 3DES CBC padding (search Postfix users > >archives for my posts on the subject), and your cipher list

Re: Verisign Problem with smtp tls

2013-12-27 Thread Viktor Dukhovni
On Fri, Dec 27, 2013 at 09:39:52PM +, Viktor Dukhovni wrote: > On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote: > > > >=== TLS started w/ cipher DES-CBC3-SHA > > >=== TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The > > >Lawrence Group/OU=IT/OU=Terms of use at www.verisign.co

Re: Verisign Problem with smtp tls

2013-12-27 Thread Bobber
On 12/27/2013 03:39 PM, Viktor Dukhovni wrote: On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote: === TLS started w/ cipher DES-CBC3-SHA === TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=mail.thelawrencegrou

Re: Verisign Problem with smtp tls

2013-12-27 Thread Viktor Dukhovni
On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote: > >=== TLS started w/ cipher DES-CBC3-SHA > >=== TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The > >Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa > >(c)05/CN=mail.thelawrencegroup.com" There's your problem! This se

Re: Verisign Problem with smtp tls

2013-12-27 Thread Bobber
On 12/27/2013 02:22 PM, Viktor Dukhovni wrote: You're posting to the wrong forum. The problem is not OpenSSL, rather you have an updated release of your MTA. (Is it Exim or Postfix? Go to the corresponding mailing list). OpenSSL performs whatever certificate verification your MTA asks for. Per

Re: Verisign Problem with smtp tls

2013-12-27 Thread Viktor Dukhovni
On Fri, Dec 27, 2013 at 02:07:56PM -0600, Bobber wrote: > Yes, thanks Andrew, I got it. I see that it is expired. I am still a > bit baffled. I upgraded my mail server just a couple of weeks ago > from Debian Squeeze. Everything was fine before then. Is there a > different check involved in the la

Re: Verisign Problem with smtp tls

2013-12-27 Thread Viktor Dukhovni
On Fri, Dec 27, 2013 at 02:54:55PM -0500, Patrick Patterson wrote: > Why does no-one else notice? Probably because you've got your > server set to actually validate TLS certs, as opposed to most of > the world that doesn't. :) With SMTP, PKIX certificate verification is pointless without explicit

Re: Verisign Problem with smtp tls

2013-12-27 Thread Robert W Weaver
Bobber wrote on 12/27/2013 02:47:47 PM: > I don't see anywhere that it says expired other than this utility. How > can I verify that it is really expired? In case you don't trust your openssl install, here is an easy approach using windows: 1. Select everything between -BEGIN CERTIFICATE---

Re: Verisign Problem with smtp tls

2013-12-27 Thread Bobber
On 12/27/2013 01:54 PM, andrew cooke wrote: On Fri, Dec 27, 2013 at 04:53:41PM -0300, Andrew Cooke wrote: i am not following this in any detail, but if you look at the certificate you included in your original email it expired in 2008. just look at it with openssl -text -in openssl

Re: Verisign Problem with smtp tls

2013-12-27 Thread Patrick Patterson
Hey there... On 2013-12-27, at 2:47 PM, Bobber wrote: > > On 12/27/2013 01:29 PM, Viktor Dukhovni wrote: >> On Fri, Dec 27, 2013 at 12:59:11PM -0600, Bobber wrote: >> >>> I recently upgraded my companies' mail server to 64 Debian Wheezy. I >>> am using the Openssl package which is version 1.0.

Re: Verisign Problem with smtp tls

2013-12-27 Thread Bobber
On 12/27/2013 01:53 PM, andrew cooke wrote: i am not following this in any detail, but if you look at the certificate you included in your original email it expired in 2008. just look at it with openssl -text -in Ok, that's good. Thanks. sorry if i'm jumping into something i've misund

Re: Verisign Problem with smtp tls

2013-12-27 Thread andrew cooke
On Fri, Dec 27, 2013 at 04:53:41PM -0300, Andrew Cooke wrote: > > i am not following this in any detail, but if you look at the certificate you > included in your original email it expired in 2008. just look at it with > >openssl -text -in openssl x509 -text -in > sorry if i'm jump

Re: Verisign Problem with smtp tls

2013-12-27 Thread andrew cooke
i am not following this in any detail, but if you look at the certificate you included in your original email it expired in 2008. just look at it with openssl -text -in sorry if i'm jumping into something i've misunderstood, andrew On Fri, Dec 27, 2013 at 01:47:47PM -0600, Bobber wrote:

Re: Verisign Problem with smtp tls

2013-12-27 Thread Bobber
On 12/27/2013 01:29 PM, Viktor Dukhovni wrote: On Fri, Dec 27, 2013 at 12:59:11PM -0600, Bobber wrote: I recently upgraded my companies' mail server to 64 Debian Wheezy. I am using the Openssl package which is version 1.0.1e-2. I am having problems when trying to send a message to one of our

Re: Verisign Problem with smtp tls

2013-12-27 Thread Viktor Dukhovni
On Fri, Dec 27, 2013 at 12:59:11PM -0600, Bobber wrote: > I recently upgraded my companies' mail server to 64 Debian Wheezy. I > am using the Openssl package which is version 1.0.1e-2. > > I am having problems when trying to send a message to one of our > business partners. The SMTP session appe

Re: Verisign client requirements

2010-04-27 Thread piper.guy1
Thanks for your help David. Regards, /carl h. On Tue, Apr 20, 2010 at 9:54 PM, David Schwartz wrote: > > Piper Guy1 wrote: > >> > This is precisely what a browser does. Again, using the >> > "https://www.amazon.com"; example, OpenSSL takes care of getting the >> > certificate from the server, ma

Re: Verisign client requirements

2010-04-27 Thread piper.guy1
allows the server to send these, lest the client does not > have some of them. Starting from the trusted root certificate, the client > can verify intermediate certificates in turn until it finally verifies the > server certificate. > > Has that helped at all? > > > ---

RE: Verisign client requirements

2010-04-20 Thread David Schwartz
Piper Guy1 wrote: > > This is precisely what a browser does. Again, using the > > "https://www.amazon.com"; example, OpenSSL takes care of getting the > > certificate from the server, making sure the certificate is valid, > checking > > that the server owns the certificate, and making sure the >

RE: Verisign client requirements

2010-04-19 Thread Rene Hollan
that helped at all? -Original Message- From: owner-openssl-us...@openssl.org on behalf of piper.guy1 Sent: Mon 4/19/2010 1:27 PM To: openssl-users@openssl.org Subject: Re: Verisign client requirements David, Sorry for my late response. (pulled in another direction for a while). But i s

Re: Verisign client requirements

2010-04-19 Thread piper.guy1
David, Sorry for my late response. (pulled in another direction for a while). But i still have a few holes in my understanding (and maybe my head!!). Here are some facts about our implementation: 1. The server does not have my root certificate. 2. I do not have the server's root certificate. 3.

RE: Verisign client requirements

2010-04-05 Thread David Schwartz
Piper.guy1 wrote: > Hi, > > Please understand I'm a newbie to security if my question sounds > rather elementary. > > The embedded product I'm working on requires a secure connection to > our server that uses a Verisign certificate to authenticate. I've been > porting the OpenSSL examples from

Re: Verisign CA Self-Signed Cert Error?

2008-02-29 Thread David Hostetter
I am using s_client and s_server right now and it is working for me. I specify the -certs file and the CAfile for the root. Josh wrote: Hello, We are getting an odd self-signed cert error when using openssl s_client to test the connection for a web service on an internal server. This servic

Re: VeriSign certificate with openssl

2007-10-22 Thread Marek Marcola
Hello, > A follow-up question just for double check. The my_cert.pem file > consists of two parts: [RSA private key] and [certificate (public > key)]. Is this the correct sequence? I saw a certificate file that > contains three parts: [certificate (?)], [RSA private key], > [certificate (public key

Re: VeriSign certificate with openssl

2007-10-17 Thread Dennis Kim
Thanks, much. - Dennis Wolfgang Riedel wrote: Hi Dennis, you want (maybe) -BEGIN CERTIFICATE- MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X

Re: VeriSign certificate with openssl

2007-10-17 Thread Wolfgang Riedel
Hi Dennis, you want (maybe) -BEGIN CERTIFICATE- MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA

Re: VeriSign certificate with openssl

2007-10-16 Thread urjit_gokhale
>Hello, >> We have a web server running on Apache/Tomcat platform (Sun Solaris 10) >> with a VeriSign certificate. I'm trying to use the same certificate with >> openssl 0.9.8f for my stand-alone web services application (listening on >> separate ports, of course). So I followed the procedure a

Re: VeriSign certificate with openssl

2007-10-16 Thread Dennis Kim
Thanks for the quick response. The missing piece was Root CA certificate. I downloaded (1) VeriSign's intermediate CA cert from VeriSign web site and (2) VeriSign's Root CA from IE browser, and put them into one CA cert file. As you described, the subject-issuer chain is now complete. Verifica

Re: VeriSign certificate with openssl

2007-10-16 Thread Marek Marcola
Hello, > We have a web server running on Apache/Tomcat platform (Sun Solaris 10) > with a VeriSign certificate. I'm trying to use the same certificate with > openssl 0.9.8f for my stand-alone web services application (listening on > separate ports, of course). So I followed the procedure as in

RE: Verisign Certificate

2007-08-09 Thread C K KIRAN-KNTX36
:[EMAIL PROTECTED] On Behalf Of Kaushal Shriyan Sent: Tuesday, August 07, 2007 11:14 PM To: openssl-users@openssl.org Subject: Re: Verisign Certificate Hi Kiran Now the verisign has given me the certificate as SSL.der format so can you please provide me the working example using openssl to convert

RE: Verisign Certificate

2007-08-07 Thread Bartella, John (J6P)
I'm looking for someone who ssl enabled apache. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ricardo Stella Sent: Tuesday, August 07, 2007 1:53 PM To: openssl-users@openssl.org Subject: Re: Verisign Certificate Kaushal Shriyan wrote: >

Re: Verisign Certificate

2007-08-07 Thread Ricardo Stella
Kaushal Shriyan wrote: > Hi Kiran > > Now the verisign has given me the certificate as SSL.der format so can > you please provide me the working example using openssl to convert it > into SSL.pem > format taking my file SSL.der in question > > Thanks again Verisign has extensive information on h

Re: Verisign Certificate

2007-08-07 Thread Kaushal Shriyan
Hi Kiran Now the verisign has given me the certificate as SSL.der format so can you please provide me the working example using openssl to convert it into SSL.pem format taking my file SSL.der in question Thanks again Sorry for the trouble Thanks and Regards Kaushal On 8/6/07, C K KIRAN-K

RE: Verisign Certificate

2007-08-06 Thread C K KIRAN-KNTX36
Hi, You should have received the certificate in PEM or DER format. No need to save the file .txt format. Do openssl -inform "whichever form PEM or DER" -in -noout -text This will dump the text form of the certificate. Regards, Kiran From: [EMAIL PROTE

Re: Verisign -- Want some free certificate over the Internet?

2000-03-31 Thread Leland V. Lammert
At 11:28 AM 3/30/00 , you wrote: >This site distributes a free software called SecureAge which >is working on Windows 95/98/NT. It will give the user a free >certificate issued by that company, that certfiticate will enable >the user to > - send signed/encrypted email > - exchange secure docum

Re: Verisign/NSI/Thawte monopoly

2000-03-31 Thread Michal Trojnara
Odpowiedz automatyczna: Do 31 marca jestem na szkoleniu. W pilnych sprawach prosze o kontakt z Romanem Iwanickim. Z powazaniem, Michal Trojnara >>> "[EMAIL PROTECTED]" 03/31/00 19:21 >>> hi, On Fri, 31 Mar 2000, Mark H. Wood wrote: > On Thu, 30 Mar 2000 [EMAIL PROTECTED] wrote: > > You mis

Re: Verisign/NSI/Thawte monopoly

2000-03-31 Thread dreamwvr
hi, On Fri, 31 Mar 2000, Mark H. Wood wrote: > On Thu, 30 Mar 2000 [EMAIL PROTECTED] wrote: > > You missed my point. Read on... > > > > > b) Certificates authenticate that the person is who they say they > > > are. hmmm... i have always thought the Certs from CA simply say yeah we know a

Re: Verisign/NSI/Thawte monopoly

2000-03-31 Thread Richard Levitte - VMS Whacker
mwood> Now I am surprised. The key only means that you have a mwood> reasonably secure channel to an unknown endpoint. Do lots of mwood> people really believe that it means any more than that? That mwood> is frightening. You wouldn't believe what J. Random Luser can believe... -- Richard Lev

Re: Verisign/NSI/Thawte monopoly

2000-03-31 Thread Mark H. Wood
On Thu, 30 Mar 2000 [EMAIL PROTECTED] wrote: > You missed my point. Read on... > > > b) Certificates authenticate that the person is who they say they > > are. > > > > Trust goes to trusting that second statement, not the trustworthiness > > of the company behind the statement. > > > >

Re: Verisign/NSI/Thawte monopoly

2000-03-31 Thread Mark H. Wood
On Thu, 30 Mar 2000, Thomas Reinke wrote: > [EMAIL PROTECTED] wrote: > > So it seems to me that while the cert may certify that said organization > > is who they say they are - nobody seems to ask if who they say they are > > has any relevance to anything. > > [snip] > > Look back to the problem

Re: Verisign -- Want some free certificate over the Internet?

2000-03-30 Thread Wu Xiao Ying
This site distributes a free software called SecureAge which is working on Windows 95/98/NT. It will give the user a free certificate issued by that company, that certfiticate will enable the user to - send signed/encrypted email - exchange secure document over the Internet - chat securely wi

Re: Verisign/NSI/Thawte monopoly

2000-03-30 Thread terr
You missed my point. Read on... > b) Certificates authenticate that the person is who they say they > are. > > Trust goes to trusting that second statement, not the trustworthiness > of the company behind the statement. > People in general presume that when they see the little key th

Re: Verisign

2000-03-30 Thread Steve Howie
On Thu, 30 Mar 2000, Pluto wrote: > On Tue, 28 Mar 2000, Michael Sierchio wrote: > > > > Consentration of economic power like we see in Verisign at this point is > > > NEVER healthy - or am I overreacting? > > > > Shall we file a lawsuit? > > Where? Is there such a thing as an UN anti-trust

Re: Verisign

2000-03-30 Thread Pluto
On Tue, 28 Mar 2000, Michael Sierchio wrote: > > Consentration of economic power like we see in Verisign at this point is > > NEVER healthy - or am I overreacting? > > Shall we file a lawsuit? Where? Is there such a thing as an UN anti-trust judge? Maybe the WTO could be interessted, but they

Re: Verisign/NSI/Thawte monopoly

2000-03-30 Thread Thomas Reinke
[EMAIL PROTECTED] wrote: > > So it seems to me that while the cert may certify that said organization > is who they say they are - nobody seems to ask if who they say they are > has any relevance to anything. [snip] Look back to the problem it is solving a) SSL makes sure no-one can interc

RE: Verisign/NSI/Thawte monopoly

2000-03-29 Thread David
Err Verisign bought Thawte last year :) At 09:45 pm 28/03/00, you wrote: >Gee, > >Before I get flamed for the Subject: >Of course, Verisign and Thawte are American and South African >companies, so cannot be a monopoly(Two American companies >doing this likely would), and of course NSI, the majo

Re: Verisign -- Want some free certificate over the Internet?

2000-03-28 Thread Leland V. Lammert
At 08:04 PM 3/28/00 , you wrote: >Want some free certificate from the Internet? >Try www.secureage.com What does this have to do with certs? The site is about a security application, .. not certs - have I missed something? Lee Leland V. L

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Michal Trojnara
SA > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of dreamwvr > Sent: Tuesday, March 28, 2000 6:18 PM > To: [EMAIL PROTECTED]; Hostmaster; [EMAIL PROTECTED] > Subject: RE: Verisign/NSI/Thawte monopoly > > > hi, > IMHO

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread terr
I looked closely into purchasing a cert from Thawte and it is still something WE'll have to do. What strikes me though is that it seems to me that there is no real value in such a thing. I can for instance incorporate a company and shell out about $200 and get my cert. After that everyone trust

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Kevin Evans
On Tuesday, March 28, 2000 at 04:18:15 PM, [EMAIL PROTECTED] wrote: > hi, > IMHO someone should create a central trusted CA that is open sourced for > all to trust however that would take some doing..;-)) ..anyone interested:-)) I'm game for putting in some time/effort - but I think you're po

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Sam Stern
Hi, Take a look at http://www.openca.org Sam Stern, Bethesda, MD, USA > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of dreamwvr > Sent: Tuesday, March 28, 2000 6:18 PM > To: [EMAIL PROTECTED]; Hostmaster; [EMAIL PROTECTED

Re: Verisign -- Want some free certificate over the Internet?

2000-03-28 Thread Wu Xiaoying
Want some free certificate from the Internet? Try www.secureage.com - Original Message - From: Tariq Habib <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 28, 2000 2:30 PM Subject: RE: Verisign > I fully support your point of view. > > &g

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Michal Trojnara
Odpowiedz automatyczna: Do 31 marca jestem na szkoleniu. W pilnych sprawach prosze o kontakt z Romanem Iwanickim. Z powazaniem, Michal Trojnara >>> "[EMAIL PROTECTED]" 03/29/00 01:18 >>> hi, IMHO someone should create a central trusted CA that is open sourced for all to trust however th

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread dreamwvr
hi, IMHO someone should create a central trusted CA that is open sourced for all to trust however that would take some doing..;-)) ..anyone interested:-)) On Tue, 28 Mar 2000, Hostmaster wrote: > There is no governing body that I am aware of. Is it to be yet > another Amercian led thing? That

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Hostmaster
There is no governing body that I am aware of. Is it to be yet another Amercian led thing? That is what got things to the state they're in now. Also, what would be an appropriate list to discuss these things, if not openssl-users? Bill Laakkonen www.im1.net > -BEGIN PGP SIGNED MESSAGE-

Re: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Michael Sierchio
[EMAIL PROTECTED] wrote: > > Gee, > > Before I get flamed for the Subject: > Of course, Verisign and Thawte are American and South African > companies, so cannot be a monopoly You are not well informed on the subject of law in the EU or US. A merger, acquisition or other alliance that does or h

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Geoff Thorpe
Hi there, >It's time to have some kind of governing body >to force the browser makers include all accredited >CA's in the list of automatically trusted CA's. >Not the ones that pay them big $$$. Only if they also ensure that the CAs also pass some level of periodic audit-review to ensure they're

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Salz, Rich
This is way off-topic, but: >force the browser makers include all accredited CA's in the list Please define "accredited CA" But somewhere else, not this list. :) __ OpenSSL Project http://www.ope

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread Paul Khavkine
-BEGIN PGP SIGNED MESSAGE- It's time to have some kind of governing body to force the browser makers include all accredited CA's in the list of automatically trusted CA's. Not the ones that pay them big $$$. Cheers Paul On Tue, 28 Mar 2000, you wrote: > Gee, > > Before I get flamed for

Re: Verisign

2000-03-28 Thread Michael Sierchio
[EMAIL PROTECTED] wrote: > > I just found out that Verising has aquired NSI. A short while back they > aquired Thawte . > Consentration of economic power like we see in Verisign at this point is > NEVER healthy - or am I overreacting? Shall we file a lawsuit? __

RE: Verisign/NSI/Thawte monopoly

2000-03-28 Thread hostmaster
Gee, Before I get flamed for the Subject: Of course, Verisign and Thawte are American and South African companies, so cannot be a monopoly(Two American companies doing this likely would), and of course NSI, the major marketer of Versign certs, is a registrar for domains, and this cannot be co

RE: Verisign

2000-03-28 Thread Erwann ABALEA
I don't... This point has already been discussed in this mailing list. The result is this: you can't trust a CA that delivers a certificate whatever the informations you provide... A CA is not only a technical piece of software to which you send a request and from which you get a properly formatt

RE: Verisign

2000-03-27 Thread Tariq Habib
I fully support your point of view. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, March 28, 2000 5:20 AM > To: [EMAIL PROTECTED] > Subject: Verisign > > > I just found out that Verising has aquired NSI. A s

Re: VeriSign/Thawte deal challenged

2000-01-13 Thread Jeffrey Burgoyne
Unfortunately its not likely a Canadian company could make any real challenge in the US or SA. Entrust may be trying to protect themselves as they have set up their own CA based on the chaining Thawtes root rather than looking out for the good of the market ... Jeff On Wed, 12 Jan 2000, Joe A

Re: Verisign Known Problem?

1999-02-05 Thread chlee
> Can anyone tell me what "block type is not 01" means? I get a In PKCS #1, block type 01 is private operation. So, your error messages mean wrong private key operation or padding. You have verisign root cert? - ChangHee Lee. Initiative Technology. Tel. 82-42-488-9040 E-mail. [EMA