In article <199412130729.XAA01473@jobe.shell.portal.com>, you write:

-----BEGIN PGP SIGNED MESSAGE-----

It is nice to have a lot of people on the list from Netscape. Here is a question about SSL relating to the use of certificates:

+ The issuer name must resolve to a name that is deemed acceptable by the application using SSL. How the application using SSL does this is outside the scope of this memo.

What does Netscape actually do about this? If I want to make a server which will interoperate with existing Netscape clients what kind of certificate do I need, and what kind of name should be in there? Thanks -

Hal Finney hfinney@shell.portal.com

-----BEGIN PGP SIGNATURE----- Version: 2.6

iQBVAwUBLu1NOxnMLJtOy9MBAQGItwIAr4eerI+FSmPpOIcwITepnXzcUUFkPwsK +Rz2FC4Y6hV0HoDEt1JnpvCPVV5N74Jtc9xMmF8CcRlBybk25PkxVQ== =LOql -----END PGP SIGNATURE-----

Because online directory services are not one of the extant solved problems on the Internet, Netscape uses a simple approach - a small set of "important issuer" certificates are compiled into the browser. A future release will support "key rings" ala PGP. This is all we had time for in this release... All you need to do is get your server certificate from one of several places, including: RSA (commercial CA or server CA) Netscape (not likely; we can't afford the liability) MCI (I don't know if they are selling this). So the short answer is: it's hard to do right now. In six months it should be a very different scenario. --------------------------------------------------------------------- Kipp E.B. Hickman Netscape Communications Corp. kipp@mcom.com http://www.mcom.com/people/kipp/index.html