owner-cypherpunks@toad.com wrote:
I was today playing around with a Mozilla 2.0beta5 that someone gave me [more bells and whistles than my 1.12, but not much more bang for the buck] and was showing a friend all the nifty information that netscape tells about you when you visit sites, then went to c2 to show off the apache web server and when I tried to use https:// to show off how you can have your own encrypting web server for free and everything, a window popped up and said the certificate was expired.
I couldn't really tell if it meant that the certificate that Sameer generated really needed to be updated, or if Netscape beta 5 had just been rigged to reject non-netscape certificates, but the end result was no encryption.
I just looked at c2's certificate, and it doesn't expire until april. The only reason I can think of that you should have a problem is if the date on your machine is wrong.
(Jeff, if you're reading this, of course we know that Netscape, with it's open loving policies wouldn't do anything underhanded, but the thought does come to mind, and by the way, when are we going to see an option to turn off or control what information is passed out to the other end. Specifically, I'd like http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl to come up nearly blank.)
We do not send the HTTP 'From:' header. I will look into where they are getting the user name and location from. There is really nothing I can do in the Navigator to stop them from getting your IP address or DNS name.
Soooo, anyway, I was wondering if anyone knows anything about the use of privately generated certificates. Yes, Jeff, we know that Netscape is jumping to fully support user-specified certificates, but personally I saw, relating to certificates, a lot of *nifty* options and displays, but really didn't see much in the way of anything that looked like "add".
If you are operating a server you can use a certificate signed by any CA you want. When someone running Navigator 2.0 connects to that site they will be presented with a sequence of dialogs that allow them to decide if they want to talk to your site. Adding new certificates (other than for remote SSL servers) will generally be done via CA web pages, not the preferences UI. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.