Re: Certificate Authorities?
We are looking at adding the ability for enterprise security administrators to lock various parts of the Navigator configuration so that the user can not change them, including stuff relating to trust and certificates. This functionality will not be in 2.0, but we do consider it important for certain customers. --Jeff P. Rajaram wrote:
Yes. But... I deal with the security infrastructure for a large corporation. I want only security administrators to configure the list of acceptable CAs. I specifically do not want our users to be able to add new CAs to the list of trusted "approved" CAs.
The concern is that some users who are not crypto enthusiasts may be "social engineered" into adding a very liberal CA to their list. Once this happens, the browser's signature verification capability is totally compromised.
This is one of the reasons why PGP has not been adopted by many large companies. In response, Viacrypt now seems to have a product that can restrict user modifications to the public keyring.
-raj
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
We are looking at adding the ability for enterprise security administrators to lock various parts of the Navigator configuration so that the user can not change them, including stuff relating to trust and certificates. This functionality will not be in 2.0, but we do consider it important for certain customers.
As a Cypberpunk, a reporter and a corporate user of java/hot java/netscape not only should you do that but have a way of locking in various class libs.. E.g. if I want to change the security class (but don't want my users to do so..) there needs to be a way.. THat SHOULD be in 2.0. /hawk Harry Hawk, Manager of Interactive Communications Warwick Baker & Fiore, 212 941 4438, habs@warwick.com The Internet has the potential to set us free -- to learn anything and do anything, whenever we want. No wonder politicians want to regulate it -- The Washington Post, November 7, 1995, p. A13., Cyber Liberation [Column], James K. Glassman
Harry S. Hawk wrote:
As a Cypberpunk, a reporter and a corporate user of java/hot java/netscape not only should you do that but have a way of locking in various class libs.. E.g. if I want to change the security class (but don't want my users to do so..) there needs to be a way.. THat SHOULD be in 2.0.
This is all stuff we are looking at. It will not be in 2.0 though. There is a lot of functionality in 2.0 that should not have to wait for this. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
This is all stuff we are looking at. It will not be in 2.0 though. There is a lot of functionality in 2.0 that should not have to wait for this.
Will knowledgable corporate users be able to change the Security Class in 2.0 ? -- Harry Hawk, Manager of Interactive Communications Warwick Baker & Fiore, 212 941 4438, habs@warwick.com The Internet has the potential to set us free -- to learn anything and do anything, whenever we want. No wonder politicians want to regulate it -- The Washington Post, November 7, 1995, p. A13., Cyber Liberation [Column], James K. Glassman
participants (2)
-
Harry S. Hawk -
Jeff Weinstein