[270] in WWW Security List Archive
Re: SPRY's AIR Mosaic security scheme
daemon@ATHENA.MIT.EDU (wmperry@spry.com)
Wed Dec 14 13:02:11 1994
From: wmperry@spry.com
Date: Wed, 14 Dec 94 07:17 PST
To: www-security@ns1.rutgers.edu
In-Reply-To: <Pine.3.05.9412131836.B21352-a100000@toadflax.cs.ucdavis.edu>
Reply-To: www-security@ns1.rutgers.edu
leb@cs.ucdavis.edu writes:
>
> When I was about to order the registered version of SPRY's browser from
> within the browser itself, it displayed the message "This is a secure
> transaction that uses SPRY's encryption technology blah blah ..." or
> something like that. In other words, they were trying to tell me it was
> safe to enter my credit card number into the provided FORM.
>
> Does anybody know how this works?
> Maybe the program has SPRY's public key compiled in.
It uses a proprietary scheme, that wasn't really meant to be deployed for
as long as it has been. Changes in the S-HTTP spec, as well as dickering
with terisa and rsa, etc, to see what crypto toolkit was to be used, has
delayed the deployment of S-HTTP in AIR Mosaic.
We should be releasing a first cut with S-HTTP in it by middle/late
january for a large customer, and it should be available to the general
public soon after.
-Bill P.
