[115094] in cryptography@c2.net mail archive


Re: Fixing SSL (was Re: Dutch Transport Card Broken)

daemon@ATHENA.MIT.EDU (Bill Squier)
Thu Feb 14 17:40:08 2008

Cc: cryptography@metzdowd.com
From: Bill Squier <groo@old-ones.com>
To: Philipp Gühring <pg@futureware.at>
In-Reply-To: <200802111428.30934.pg@futureware.at>
Date: Wed, 13 Feb 2008 13:07:39 -0500


On Feb 11, 2008, at 8:28 AM, Philipp Gühring wrote:
> I had the feeling that Microsoft wants to abandon the usage of client
> certificates completely, and move the people to CardSpace instead.
> But how do you sign your emails with CardSpace? CardSpace only does the
> realtime authentication part of the market ...

We (Morgan Stanley) were able to pressure them into a rapid fix, and
they have committed to delivering it in SP1. Keep your fingers crossed.

> If anyone needs more information how to upgrade your Web-based CA
> for IE7:
> http://wiki.cacert.org/wiki/IE7VistaSource

Step (2), "On Vista you have to add this website to the list of
trusted sites in the internet-settings." can be quite unpalatable.
Depending on your customers' situations, an alternative might be more
palatable: Generate the key and deliver a PKCS#12.

This depends on whether you believe in the non-repudiation fairy or
not -- or more accurately, whether you're already assuming the
repudiation risk.

-wps

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
