[1195] in WWW Security List Archive
Re: Netscape's little key icon
daemon@ATHENA.MIT.EDU (Paul Phillips)
Sun Nov 26 20:41:16 1995
Date: Sun, 26 Nov 1995 14:05:58 -0800 (PST)
From: Paul Phillips <paulp@cerf.net>
To: www-security@ns2.rutgers.edu
cc: "Seth I. Rich" <seth@hygnet.com>
In-Reply-To: <199511262046.PAA15622@arkady.hygnet.com>
Errors-To: owner-www-security@ns2.rutgers.edu

On Sun, 26 Nov 1995, Seth I. Rich wrote:
> Hm. So judging from what I've been sent and what I've skimmed, the
> iconic representation of `You are talking to somewhere you can trust' is
> determined not by the site to which a potentially insecure transaction
> will be sent, but by the URL from which the form was sent.

No, it is "you have just talked with someone, and what you received was
encrypted in transit." It's not the site, it's whether it was an SSL
encrypted transaction or not.

> ... Hm. Is it a logical deduction that if I've received a page from site
> X, that the next server I'll access will also be X?

No. There is no state in http. The unbroken key refers to the document
you are currently viewing, not any past or future documents. The web
browser has no idea what you are going to do next! If it's another https
transaction, then the key will remain unbroken.

> Isn't that the
> implication of this icon?

No. (Maybe you should do more than just skim.)

--
Paul Phillips | "Click _here_ if you do not
<URL:mailto:paulp@cerf.net> | have a graphical browser"
<URL:http://www.cerf.net/~paulp/> | -- Canter and Siegel, on
<URL:pots://+1-619-558-3789/is/paul/there?> | their short-lived web site
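
The distinction drawn in the reply above (the key icon describes how the current document arrived, not where a form on it will be sent) can be checked per form. This is an added example, not part of the original post; the names `attr`, `auditForms` and `SAMPLE_HTML`, the verdict labels and the host names are constructed for illustration.

```javascript
// Added example: compare how a page was delivered with where each of its
// forms will submit. The indicator only reflects the first of these.

// Read one attribute from a single tag's text ("...", '...' or bare value).
function attr(tag, name) {
  const re = new RegExp("\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function auditForms(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const m of html.matchAll(/<form\b[^>]*>/gi)) {
    // A missing or empty action submits back to the document's own URL.
    const action = attr(m[0], "action") || pageUrl;
    const target = new URL(action, page); // resolves relative actions
    const encrypted = target.protocol === "https:";
    const sameOrigin = target.origin === page.origin;
    let verdict;
    if (page.protocol === "https:" && !encrypted) {
      verdict = "secure-page-insecure-submit"; // indicator on, submission in the clear
    } else if (page.protocol !== "https:" && encrypted) {
      verdict = "insecure-page-secure-submit"; // indicator off, submission encrypted
    } else if (!sameOrigin) {
      verdict = "cross-origin-submit"; // same transport, different server
    } else {
      verdict = "consistent";
    }
    findings.push({ target: target.href, encrypted, sameOrigin, verdict });
  }
  return findings;
}

// Constructed sample page body (not taken from any real site).
const SAMPLE_HTML = `
<form action="/order" method="post"></form>
<form action="http://shop.example/cgi-bin/pay" method="post"></form>
<form action="https://pay.example/charge" method="post"></form>
<form method="post"></form>`;

for (const f of auditForms("https://shop.example/checkout.html", SAMPLE_HTML)) {
  console.log(f.verdict.padEnd(28), f.target);
}
```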