[931] in WWW Security List Archive
Re: Netscape Commerce Server and Certificates
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Sat Sep 23 20:51:39 1995
To: www-security@ns1.rutgers.edu
From: jsw@neon.netscape.com (Jeff Weinstein)
Date: 23 Sep 1995 21:25:26 GMT
Errors-To: owner-www-security@ns2.rutgers.edu
In article <199509231415.KAA07295@ns2.rutgers.edu>, trei@process.com (Peter Trei) writes:
> > 5 million seconds = 57.8 days
> > 5 billion seconds = 158 years
> This is somewhat misleading. The fact that 'key pairs are generated only once" is
> a weakness, not a strength. Since the key is persistant, it's a high value target, and
> once cracked, calls into question all transactions made using that key pair.
We are planning to aggressively get our commerce server customers to
upgrade their servers, generate new keys, and get new certificates.
The new certificates will be issued at no charge.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
