[1190] in WWW Security List Archive
Re: Netscape's little key icon
daemon@ATHENA.MIT.EDU (Paul Phillips)
Sat Nov 25 17:47:03 1995
Date: Sat, 25 Nov 1995 11:56:41 -0800 (PST)
From: Paul Phillips <paulp@cerf.net>
To: "Seth I. Rich" <seth@hygnet.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199511251802.NAA15247@arkady.hygnet.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Sat, 25 Nov 1995, Seth I. Rich wrote:
> Ok, perhaps this is a FAQ item, but I don't recall having read it
> anywhere. When I open up Netscape, which is admittedly infrequently, I
> see that little key icon in the bottom left corner of the screen. I'm
> told that when it's a solid key with teethies, that means you're talking
> to a "secure server" (if that phrase has any meaning outside of marketing
> materials).
>
> This is my question: How is that determined? If the browser is opened to
> URL A, how does the browser determine whether it's a "secure" thing? By
> looking at the server which houses that URL? By looking at the servers
> to which forms could potentially be submitted?
Because the http that runs on top of SSL has a different scheme name
(https) and uses a different port (443) there is no difficulty involved
in identifying a "secure document." The key should be solid if the
current document was retrieved over an encrypted channel (which the
browser obviously knows, since it had to participate in the encryption!)
--
Paul Phillips | "Click _here_ if you do not
<URL:mailto:paulp@cerf.net> | have a graphical browser"
<URL:http://www.cerf.net/~paulp/> | -- Canter and Siegel, on
<URL:pots://+1-619-558-3789/is/paul/there?> | their short-lived web site
