[925] in WWW Security List Archive
Re: Netscape Commerce Server and Certificates
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Sat Sep 23 07:26:31 1995
To: www-security@ns1.rutgers.edu
From: jsw@neon.netscape.com (Jeff Weinstein)
Date: 23 Sep 1995 08:26:07 GMT
Errors-To: owner-www-security@ns2.rutgers.edu

In article <3063AF14.68E7@netscape.com>, mlm@netscape.com (Mike McCool) writes:
> jet@abulafia.genmagic.com (J. Eric Townsend) wrote:
> > "atri" == Atri Chatterjee <atri@netscape.com> writes:
> > atri> The Commerce server is significantly less vulnerable because:
> >
> > Do you mean "will be", given #5? :-)
> >
> > atri> 5. We plan to have the patch available by next week
>
> No - we feel that it is already less vulnerable than the Navigator
> because the server key is only generated once, and takes much longer
> to generate than a session key. However, we felt it would be best to
> stay on the safe side and patch the server as well.

To be more precise, we feel that it is less vulnerable than the Navigator,
but it is nowhere near as strong as it should be for the key size. Therefore
it must be fixed.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.