Crypto *is* integrated into Netscape. Unfortunately, the crypto is SSL -- a complete waste of time.
Among other things, SSL only lets you authenticate to X.509 certificate roots that have been issued straight from the hands of Jim Bidzos -- which effectively means that you can secure only connections with Netscape commerce servers, and that you cannot authenticate both ends of the communications link. Its also just plain bad -- there are ugly holes in the security from what I can see. Netscape is, of course, pushing it as a standard. Vomit.
Luckily, Netscape recently hired Tahir El Gammal (did I put too many m's there?) and he's a smart guy. Unfortunately, he seems to be in a position where he has to defend the fairly bad work they did already.
Still in catch-up mode. . . . As the person who evaluated Courier for Intuit, I feel compelled to point out that Intuit does *not* endorse SSL. I agree with all of Perry's criticisms, and offer a couple of my own: 1) since SSL is a sub-application-level protocol trying to solve an application-level security problem, it leaves communicating nodes vulnerable to early-termination attacks. SSL MACs authenticate individual SSL records, not application messages. 2) since only fools run http servers on secure network segments, network admins are faced with the problem of clearing sensitive data (presumably "protected" on the line by SSL) out of the DMZ in real time. This is a pain. Fortunately, Courier suffers from neither of these infirmities. - Mark - -- Mark Chen chen@intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D