[Security] About the Firefox 3 Security Dialog & others

Pedro Melo melo at simplicidade.org
Sat Aug 23 09:00:34 CDT 2008


Hi,

On Aug 23, 2008, at 2:08 PM, Dirk Meyer wrote:
> Pedro Melo wrote:
>> On Aug 23, 2008, at 1:18 PM, Jonathan Schleifer wrote:
>>
>>> Am 23.08.2008 um 11:04 schrieb Dirk Meyer:
>>>
>>>> SAS does not work for me when I use bots. It also reduces it to one
>>>> way removing the option of X.509 certificates which is something I
>>>> need.
>>>
>>> I never said SAS should be the only way, we need multiple ways. I
>>> suggest those:
>>>
>>> * SAS with mnemonics
>>> * Fingerprint verification
>>> * CA, but no CA added in the client by default (so the user has to
>>> trust the CA manually, for example useful in a company so you don't
>>> have to verify every co-worker)
>>
>> Exactly. For bots, I personally would create my own CA and tell those
>> pesky little devils just to trust certificates signed by that.
>
> Half off-topic: is there an easy way to create a CA and sign keys with
> that? The only howtos I found are very complicated, require a password
> and stuff like that. I want to have a script 'create-ca' with some
> parameter and 'sign' getting a key.

hmms... bundled with openssl there was a CA.pl script.  It should be  
able to do what you need.

Also check out other freshmeart offers: http://freshmeat.net/search/? 
q=certification+authority&section=projects&Go.x=0&Go.y=0

Best regards,
-- 
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org
Use XMPP!




More information about the Security mailing list