[735] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: Using Netsite Commerce Server with non-RSA certificate?

daemon@ATHENA.MIT.EDU (Bob Denny)
Mon Jun 5 17:23:41 1995

Date: Mon,  5 Jun 95 09:10:27 PDT
From: Bob Denny <rdenny@netcom.com>
To: www-security@ns2.rutgers.edu, Jamey Maze <jnm@ornl.gov>
Errors-To: owner-www-security@ns2.rutgers.edu

Jamey --

I'm a neophyte in this area so far, so caveat the following:

Netscape's browser accepts only "real" Netscape certificates. Imagine 
what would happen if "anyone" could run a server that successfully 
communicated with Netscape Navigator? The average person won't check
the "Document info" and examine the certification of the server, so
if I ran a bandit server, hijaacked B of A's IP address, then put up
a bogus credit card application, I'd have a field day.

Netscape and RSA carefully control the issuance of certificates that
are acceptable to the Navigator.

  -- Bob


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[735] in WWW Security List Archive

RE: Using Netsite Commerce Server with non-RSA certificate?

daemon@ATHENA.MIT.EDU (Bob Denny)Mon Jun 5 17:23:41 1995

daemon@ATHENA.MIT.EDU (Bob Denny)
Mon Jun 5 17:23:41 1995