[5110] in WWW Security List Archive
Feedback on securing web transactions.
daemon@ATHENA.MIT.EDU (Rob Absalom)
Wed Apr 16 14:41:37 1997
Date: Wed, 16 Apr 1997 16:18:44 +0100
From: Rob Absalom <roba@roba.demon.co.uk>
Reply-To: roba@roba.demon.co.uk
To: Web Security Mailing List <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
> I'm currently working on developing an application that will be dealing
> with sensitive data. The web is perfectly suited for the application.
> The problem that I have with the web though is how to secure the data
> being transmitted between the server and the browzer.
>
> I know about SSL, but the application is for use outside USA, so as I
> understand it SSL will only be 40 bit encryption. This is not considered
> suitable. Previously I have used Entrust from NorTel to secure network
> communication. My question is either : 1) does anyone know if it is
> possible to integrate Entrust with any of the available web browzers. 2)
> what other encryption packages are available that would provide a better
> service than SSL, and integrate with a Web browzer.
Hello all
I posted the above questions a few weeks ago. This is just to give some
feedback on the responses I got from everyone (thanks to all who offered
their advice).
The solutions given for the above problem were:
1) A mail I got advised about a group in Russia that were working on an
encryption system for this very problem, but I couldn't find any more
information on the group.
2) Use the Safeway encryption system with the Stronghold web server.
Safeway provides full 128 bit encryption outside of the US. This was a
potentially viable solution, but it was still felt that SSL was just not
strong enough.
3) The best solution was offered by Gradient Technologies. They are
currently developing a product (should be ready around August this year)
that uses the Entrust software available from Nortel, for the web
communication. On the client side there is a plug-in that encrypts all
outgoing data, and decrypts all incomming data. There is a proxy on the
server side that does likewise. The product is meant to be totally
seamless, which is a very attractive feature. This product will be
available for both Netscape and Microsoft Explorer. Here are some
contact points to get more information:
http://www.gradient.com/
Gradient Technologies, Inc.
3 Matching Lane
Bishop's Stortford, Herts.
CM23 2PP, United Kingdom
Telephone: +44 1 279 755 247
Fax: +44 1 279 755 247
E-mail: EMEAsales@gradient.com
Cheers
Rob.
--
*********************************************
Rob Absalom
41 Helen Rd
Oxford
Oxfordshire
OX2 0DF
UK
Tel (Work) 01491 614434
(home) 01865 790600
Fax (Work) 01491 614454
Email roba@roba.demon.co.uk
**********************************************