Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
mozilla . dev . security
This is a Usenet group - learn more
Find or start a Google Group about security.
Group info
Group categories: Not categorized
More group info »
Discussions
View:  Topic list, Topic summary Topics 1 - 10 of 606  Older »

Get the finished message of TLS handshake 
  Hey, I try to implement a prototype implementation of tls-unique (RFC 5929) in Firefox for a German research group. Therefore I need the finished message of the TLS handshake. After hours of research I found out that this is "most likely" not possible to get the finished message in a Firefox extension. But what about XPCOM components? Is it possible to create an XPCOM component that propagates such implementation details or do I really have to modify the source code of nss? Or is there any other way that I have overlooked?... more »
By Christian Koßmann  - May 14 - 2 new of 2 messages    

It's time to remove plugin support from Firefox mobile 
  [bcc'd to many lists for wide visibility - discussion should probably be on mobile.firefox.dev ([link] )] TL;DR: Now is a good time to remove plugin support from Firefox for Android. Consider: * We do not support plugins for Firefox OS and do not plan to... more »
By David Keeler  - May 10 - 2 new of 2 messages    

Removal of "Revocation Lists" feature (Options -> Advanced -> Revocation Lists) 
  Brian, If this is just about changing the UI in Firefox, I have no objection. If this is about removing the feature from NSS altogether on the other hand, I would like to state that we have several several products at Oracle that use NSS and rely on the ability to have CRLs stored in the... more »
By Julien Pierre  - May 8 - 2 new of 2 messages    

Removal of "Revocation Lists" feature (Options -> Advanced -> Revocation Lists) 
  Hi all, I propose we remove the "Revocation Lists" feature (Options -> Advanced -> Revocation Lists). Are there any objections? If so, please explain your objection. A certificate revocation list (CRL) is a list of revoked certificates, published by the certificate authority that issued the certificates. These lists vary from 1KB to potentially hundreds of megabytes in size.... more »
By Brian Smith  - Apr 30 - 6 new of 6 messages    

OCSP Stapling w/ Delegated Signers 
  I have what may be a well tread topic in the nuances of OCSP Stapling - but after having it posed to me I realized I did not know the answer. Thus, I ask publicly in the hope that there is a simple answer I can point to in the future. If a CA uses a delegated signer for OCSP, and a website delivers an... more »
By Tom Ritter  - Apr 27 - 3 new of 3 messages    

Safebrowsing 
  Hi, I have a few questions about the safebrowsing feature in Firefox. Answering any of these questions would be extremely helpful. 1. How does one clear the safebrowsing data? 2. Does Firefox stop fetching safebrowsing data if the browser is inactive? The spec says the list is updated every 30 minutes, but... more »
By fr0sty  - Apr 22 - 1 new of 1 message    

Orangfuzz – an experimental user interaction fuzzer for Firefox OS 
  (followups to: mozilla.dev.b2g please) I recently released an experimental user interaction (touch) fuzzer for Firefox OS, known as orangfuzz[1]. It is based on the Orangutan framework[2] by wlach. More details can be found in a Mozilla Security blogpost[3]. Currently it only works with a Unagi B2G test device - I tested on a... more »
By Gary Kwong  - Apr 17 - 1 new of 1 message    

Firefox behavior with CDPs and AIAs 
  I know that FF allows you to choose a CRL and it will check status against that CRL when it finds a cert issued by the CRL issuer. Does anyone know if FF uses the CDP in the cert or the cert's issuer name as a key to find the CRL? The reason I ask is in regards to partitioned CRLs, where a CA could, for example, have one CRL for odd serial numbers and one for even. The CA would put the appropriate CDP in each cert, but would that confuse FF?... more »
By r.andr...@computer.org  - Apr 11 - 9 new of 9 messages    

Building NSS failed on both Ubuntu 12.04 and Linux Mint 14 
  I followed this instruction: [link], trying to build NSS on both Ubuntu 12.04 and Linux Mint 14. All builds failed with the error: secasn1.h:17:21: fatal error: plarena.h:no such file or directory I tried to find the file: $ find ../../../ -name plarena.h... more »
By Brian Huang  - Apr 6 - 2 new of 2 messages    

Calling function from nsIContentSecurityPolicy.idl 
  Hi, I've declared a new function in nsIContentSecurityPolicy.idl: AString getMyString(); I call this function from nsScriptLoader::ProcessScriptE lement: nsresult myRV = NS_OK; nsCOMPtr<nsIContentSecurityPol icy> myCSP; myRV = mDocument->NodePrincipal()->Ge tCsp(getter_AddRefs(myCSP));... more »
By jeremy.ral...@gmx.ch  - Apr 5 - 3 new of 3 messages    

1 - 10 of 606   « Newer | Older »

XML