[1198] in WWW Security List Archive


Re: Netscape's little key icon

daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Tue Nov 28 08:04:09 1995

To: www-security@ns1.rutgers.edu
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 28 Nov 1995 00:57:44 -0800
Errors-To: owner-www-security@ns2.rutgers.edu

P.J. Stafford wrote:
> 
> >I see that little key icon in the bottom left corner of the screen.  I'm
> >told that when it's a solid key with teethies, that means you're talking
> >to a "secure server" (if that phrase has any meaning outside of marketing
> >materials).
> 
> I've got a follow-up question:  If an order is taken on a "secure" form, but
> the results of the order form are sent automatically to the client's email
> address (say, on AOL), isn't the credit card # flying through the Net in a
> clear email? The only thing that appears to be secure is the shopper's
> interaction with the server, but when the server sends the order outside the
> machine to the person who receives the order, the credit card is "unsecure".
> 
> Do I have this right?  If yes, is the only solution for the server to send
> a PGP encoded mail message to the person who receives the orders?

  If you order something over an encrypted http connection, and the server
operator is sending your private information back to you via clear-text
e-mail, they've got big problems.  If this is the case, they have completely
subverted the security of their operation.  If you know of someone who is
doing this, please help educate them about why this is a bad thing.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
