Re: SSLRef (SSLtelnet)
The link I used recently to get SSLREF is <URL: http://www.netscape.com/eng/ssl/sslref2.0/index.html>. I don't know what kind of export restrictions this enforces.

I was hoping to write a program which would sit on the user's PC and act as a proxy for Netscape's browser. It would connect using 128 bit SSL instead of 40 bit.

The stumbling block is that Netscape won't connect to even the local proxy unless it sees a valid certificate, one signed by a CA that it accepts. For this application I would need such a certificate, and make the corresponding public and private keys public, hard-coding them into the proxy. Since the proxy runs on the same PC as the browser there is no need for confidentiality between them, and the secret key can be revealed.

Does anyone have an idea for a way to acquire a certificate acceptable to Netscape, perhaps one with a "broken key", that could be used for this purpose?

Hal
hfinney@shell.portal.com said:
Does anyone have an idea for a way to acquire a certificate acceptable to Netscape, perhaps one with a "broken key", that could be used for this purpose?
RSA will give out certificates to individuals; Apple includes a coupon for a free one with their MacOS 7.5 (and 7 Pro) release. There's a program for the Mac (RIPEM Mac) that will convert the keys returned into RIPEM usable PEM-format keys. Isn't that what SSL uses?

The only question is what CAs are supported by the browser.... I think the Apple keys are under RSA's Unaffiliated User CA... If there's interest, I'll look further into this.

Bob
To get a certificate, you need to talk to Verisign, and give them a business plan, a key, and 270 bucks per year to get your key certified. Verisign is a spin-off of RSA.

| The stumbling block is that Netscape won't connect to even the local
| proxy unless it sees a valid certificate, one signed by a CA that it
| accepts. For this application I would need such a certificate, and make
| the corresponding public and private keys public, hard-coding them into
| the proxy. Since the proxy runs on the same PC as the browser there is
| no need for confidentiality between them, and the secret key can be
| revealed.
|
| Does anyone have an idea for a way to acquire a certificate acceptable to
| Netscape, perhaps one with a "broken key", that could be used for this
| purpose?
|
| Hal

--
"It is seldom that liberty of any kind is lost all at once." -Hume
Participants (3): Adam Shostack, Bob Snyder, Hal