[2008-04-17 00:47:05] <Jimse:#higgins@higginsircbot|QUIT>QUIT Jimse
[2008-04-17 00:47:07] <Jims1:#higgins@higginsircbot|JOIN>JOIN #higgins :Jims1!n=jimse@ip-69-33-231-250.sjc.megapath.net JOIN :#higgins
[2008-04-17 06:49:06] <rcjsuen:#higgins@higginsircbot|JOIN>JOIN #higgins :rcjsuen!n=rcjsuen@bas6-kitchener06-1177625335.dsl.bell.ca JOIN :#higgins
[2008-04-17 09:20:31] <MikeMc:#higgins@higginsircbot|QUIT>QUIT MikeMc
[2008-04-17 09:24:47] <MikeMc:#higgins@higginsircbot|JOIN>JOIN #higgins :MikeMc!n=MikeMc@ool-457d0c29.dyn.optonline.net JOIN :#higgins
[2008-04-17 09:31:22] <MikeMc:#higgins@higginsircbot>Hi Jim - u there?
[2008-04-17 09:37:51] <Jims1:#higgins@higginsircbot>yeah
[2008-04-17 09:38:40] <MikeMc:#higgins@higginsircbot>so have anyone complained about building cert chains for wag before me?
[2008-04-17 09:39:07] <MikeMc:#higgins@higginsircbot>specifically ... the godaddy cert
[2008-04-17 09:39:59] <Jims1:#higgins@higginsircbot>I haven't heard anyone else complain
[2008-04-17 09:40:14] <MikeMc:#higgins@higginsircbot>when we build the chain in java , the 2nd cert is
[2008-04-17 09:40:16] <MikeMc:#higgins@higginsircbot>Certificate 2 : 
[2008-04-17 09:40:16] <MikeMc:#higgins@higginsircbot>  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US 
[2008-04-17 09:40:16] <MikeMc:#higgins@higginsircbot>  modulus: 28102739193587910144578747474926408217849460363800059769223951... 
[2008-04-17 09:40:16] <MikeMc:#higgins@higginsircbot>  Validity: [From: Tue Jun 29 13:06:20 EDT 2004, To: Sat Jun 29 13:06:20 EDT 2024] 
[2008-04-17 09:40:16] <MikeMc:#higgins@higginsircbot>  Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network 
[2008-04-17 09:40:18] <MikeMc:#higgins@higginsircbot>  SerialNumber: [    010d]
[2008-04-17 09:40:39] <MikeMc:#higgins@higginsircbot>when we do same in C++ on windows in browser context we get:
[2008-04-17 09:40:41] <MikeMc:#higgins@higginsircbot>Certificate 2 : 
[2008-04-17 09:40:41] <MikeMc:#higgins@higginsircbot>  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US 
[2008-04-17 09:40:41] <MikeMc:#higgins@higginsircbot>  modulus: 28102739193587910144578747474926408217849460363800059769223951... 
[2008-04-17 09:40:41] <MikeMc:#higgins@higginsircbot>  Validity: [From: Tue Jun 29 13:06:20 EDT 2004, To: Thu Jun 29 13:06:20 EDT 2034] 
[2008-04-17 09:40:41] <MikeMc:#higgins@higginsircbot>  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US 
[2008-04-17 09:40:42] <MikeMc:#higgins@higginsircbot>  SerialNumber: [    00] 
[2008-04-17 09:41:13] <MikeMc:#higgins@higginsircbot>seems like godaddy chained to ValiCert root until they could get browsers/jres to distribute their root
[2008-04-17 09:41:14] <Jims1:#higgins@higginsircbot>exact same site?
[2008-04-17 09:41:29] <MikeMc:#higgins@higginsircbot>yes - two certs for same key
[2008-04-17 09:41:33] <MikeMc:#higgins@higginsircbot>one self signed
[2008-04-17 09:41:40] <MikeMc:#higgins@higginsircbot>one signed by another root
[2008-04-17 09:41:46] <Jims1:#higgins@higginsircbot>let me look at something.  
[2008-04-17 09:42:14] <Jims1:#higgins@higginsircbot>this is wag.bandit-project.org?
[2008-04-17 09:42:26] <MikeMc:#higgins@higginsircbot>seems like Sun's JRE 5 does not yet have the self signed godaddy root
[2008-04-17 09:42:32] <MikeMc:#higgins@higginsircbot>but windows IE does have it
[2008-04-17 09:42:57] <MikeMc:#higgins@higginsircbot>so cardspace creates on RPID and java code creates another
[2008-04-17 09:43:10] <MikeMc:#higgins@higginsircbot>on-one
[2008-04-17 09:43:21] <MikeMc:#higgins@higginsircbot>unnerstan?
[2008-04-17 09:43:53] <Jims1:#higgins@higginsircbot>yeah, now I'm googling for sun JRE godaddy certificate
[2008-04-17 09:43:57] <MikeMc:#higgins@higginsircbot>suspect this is why MSFT wants to change the algorithm for rpid gen
[2008-04-17 09:44:01] <Jims1:#higgins@higginsircbot>seems like  afew hits
[2008-04-17 09:44:35] <MikeMc:#higgins@higginsircbot>this was a bitch to debug
[2008-04-17 09:44:39] <Jims1:#higgins@higginsircbot>GoDaddy has not as of yet ascended to the ranks of a default trusted certificate authority in the Java Security code. You have to make this happen manually.
[2008-04-17 09:46:14] <MikeMc:#higgins@higginsircbot>we noticed this because - when a browser treats wag like RP during Managed Card generation when backed by personal card - Selector gets chain from Browser
[2008-04-17 09:46:37] <MikeMc:#higgins@higginsircbot>when using that managed card - the Selector builds the chain for the IdP 
[2008-04-17 09:46:58] <MikeMc:#higgins@higginsircbot>so we would never be able to find the personal card
[2008-04-17 09:47:14] <Jims1:#higgins@higginsircbot>ah
[2008-04-17 09:48:01] <Jims1:#higgins@higginsircbot>I'm trying to get andy to look at this
[2008-04-17 09:48:01] <MikeMc:#higgins@higginsircbot>just wanted you guys to know - in case you had an irate user asking stupid questions like me
[2008-04-17 09:48:04] <Jims1:#higgins@higginsircbot>I'm on vacation with fam
[2008-04-17 09:48:23] <MikeMc:#higgins@higginsircbot>nothing you can do really - we need to convince the java code to build same chain as IE
[2008-04-17 09:48:35] <Jims1:#higgins@higginsircbot>yeah -- that'd be nice
[2008-04-17 09:48:51] <Jims1:#higgins@higginsircbot>or we need to use someone else's certs
[2008-04-17 09:49:07] <Jims1:#higgins@higginsircbot|NICK>NICK Jimse
[2008-04-17 09:49:16] <MikeMc:#higgins@higginsircbot>this problem will recurr elsewhere - which is why MSFT is changin algorithm
[2008-04-17 09:49:43] <Jimse:#higgins@higginsircbot>true
[2008-04-17 09:50:33] <MikeMc:#higgins@higginsircbot>was hoping someone from parity would be here since they use same java code
[2008-04-17 09:50:49] <MikeMc:#higgins@higginsircbot>I may not make it to the hggins dev call
[2008-04-17 09:51:05] <Jimse:#higgins@higginsircbot>oh, me neither
[2008-04-17 09:51:10] <Jimse:#higgins@higginsircbot>taking kiddies to alcatraz today
[2008-04-17 09:51:22] <MikeMc:#higgins@higginsircbot>leaving them?
[2008-04-17 09:51:22] <Jimse:#higgins@higginsircbot>(07:50:35) Andrew Hodgkinson: yes.  I hit this (and similar) problems several months ago and asked Microsoft about them (Mike Jones).
[2008-04-17 09:51:22] <Jimse:#higgins@higginsircbot>(07:50:56) Andrew Hodgkinson: Is it public that M$ is changing the algorithm?
[2008-04-17 09:51:36] <Jimse:#higgins@higginsircbot>leaving them is a great idea
[2008-04-17 09:51:40] <MikeMc:#higgins@higginsircbot>its not public
[2008-04-17 09:52:08] <Jimse:#higgins@higginsircbot>oh, is this irc channel public?
[2008-04-17 09:52:09] <MikeMc:#higgins@higginsircbot>tell andy that it would have been nice if he told us too ;-) spent last two days figuring this out
[2008-04-17 09:52:41] <MikeMc:#higgins@higginsircbot>never mind
[2008-04-17 09:53:12] <Jimse:#higgins@higginsircbot>I'm relaying everything to him
[2008-04-17 10:01:41] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@137.65.132.134 JOIN :#higgins
[2008-04-17 11:11:22] <Jimse:#higgins@higginsircbot|QUIT>QUIT Jimse
[2008-04-17 15:27:36] <MikeMc:#higgins@higginsircbot|PART>PART #higgins 
[2008-04-17 17:57:21] <Jimse:#higgins@higginsircbot|JOIN>JOIN #higgins :Jimse!n=jimse@ip-69-33-231-250.sjc.megapath.net JOIN :#higgins
[2008-04-17 18:35:58] <Jimse:#higgins@higginsircbot|QUIT>QUIT Jimse
[2008-04-17 18:56:00] <tdoman:#higgins@higginsircbot|QUIT>QUIT tdoman
[2008-04-17 20:04:00] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@66.29.163.1.static.utahbroadband.com JOIN :#higgins
[2008-04-17 21:08:52] <rcjsuen:#higgins@higginsircbot|QUIT>QUIT rcjsuen
[2008-04-17 21:23:42] <rcjsuen:#higgins@higginsircbot|JOIN>JOIN #higgins :rcjsuen!n=rcjsuen@bas6-kitchener06-1177624177.dsl.bell.ca JOIN :#higgins
[2008-04-17 23:25:23] <rcjsuen:#higgins@higginsircbot|QUIT>QUIT rcjsuen
[2008-04-17 23:46:08] <Jimse:#higgins@higginsircbot|JOIN>JOIN #higgins :Jimse!n=jimse@ip-69-33-231-250.sjc.megapath.net JOIN :#higgins
[2008-04-17 23:48:12] <_keturn:#higgins@higginsircbot|QUIT>QUIT _keturn