[924] in WWW Security List Archive
Re: Netscape Commerce Server and Certificates
daemon@ATHENA.MIT.EDU (Mike McCool)
Sat Sep 23 06:15:11 1995
To: www-security@ns1.rutgers.edu
From: Mike McCool <mlm@netscape.com>
Date: Fri, 22 Sep 1995 23:54:12 -0700
Errors-To: owner-www-security@ns2.rutgers.edu

jet@abulafia.genmagic.com (J. Eric Townsend) wrote:
> "atri" == Atri Chatterjee <atri@netscape.com> writes:
> atri> The Commerce server is significantly less vulnerable because:
>
> Do you mean "will be", given #5? :-)
>
> atri> 5. We plan to have the patch available by next week

No - we feel that it is already less vulnerable than the Navigator
because the server key is only generated once, and takes much longer
to generate than a session key. However, we felt it would be best to
stay on the safe side and patch the server as well.

Patching the server also means that we can include a built-in function
to allow server administrators to detect browsers which have the
vulnerability and redirect them to a page explaining the problem and
giving them a pointer to download a patched version.

--MLM
--
Mike McCool * mlm@netscape.com * http://www.netscape.com/people/mlm/