[5002] in WWW Security List Archive
Re: SSL encryption. (fwd)
daemon@ATHENA.MIT.EDU (Tim Gage)
Tue Apr 8 20:35:36 1997
Date: Tue, 08 Apr 1997 13:24:29 +0000
To: roba@roba.demon.co.uk
From: Tim Gage <timg@xcert.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>Date: Sun, 06 Apr 1997 09:03:35 +0100
>From: Rob Absalom <roba@roba.demon.co.uk>
>To: Web Security Mailing List <www-security@ns2.rutgers.edu>
>Subject: SSL encryption.
>
>I'm currently working on developing an application that will be dealing
>with sensitive data. The web is perfectly suited for the application.
>The problem that I have with the web though is how to secure the data
>being transmitted between the server and the browzer.
>
>I know about SSL, but the application is for use outside USA, so as I
>understand it SSL will only be 40 bit encryption. This is not considered
>suitable. Previously I have used Entrust from NorTel to secure network
>communication. My question is either : 1) does anyone know if it is
>possible to integrate Entrust with any of the available web browzers. 2)
>what other encryption packages are available that would provide a better
>service than SSL, and integrate with a Web browzer.
>--
>*********************************************
>Rob Absalom
>
>
Rob,
May I suggest you take a look at Xcert's product. We sell a fully web-based
certification authority product called Sentry CA.
The product lets you create, issue, manage and revoke digital certificates
for client and server authentication and also end-to-end encryption. Sentry
uses Netscape Navigator or Microsoft IE as the standard client interface
(although our API can be used to build other certificate aware client
applications.) Sentry is currently bundled with the Stronghold secure server
and costs $1495. You can also download a free copy of the product (for a 30
day evaluation period) from our site.
For stronger than 40 bit encryption, you may find C2Net's Safepassage
product to be appropriate. Safepassage is designed to let export-crippled
browsers such as Netscape Navigator and Microsoft Internet Explorer use full
128-bit (or greater) encryption when talking to secure Web servers. It does
this by acting as a full-strength, encrypting Web proxy that transparently
intercedes between your browser and the Web, much like a proxy server. For
more information check:
http://www.c2.net/products/spwp/
C2Net are currently developing a version of Safepassage that uses Xcert's
client certificates.
Hope the above helps.
Regards,
Tim Gage
Xcert Software Inc.
http://www.xcert.com
