Clarification of my remarks about Netscape

Kipp E.B. Hickman kipp at warp.mcom.com
Tue Dec 13 10:02:38 PST 1994



In article <199412130729.XAA01473 at jobe.shell.portal.com>, you write:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> It is nice to have a lot of people on the list from Netscape.
> Here is a question about SSL relating to the use of certificates:
> 
>           + The issuer name must resolve to a name that is deemed
>             acceptable by the application using SSL. How the application
>             using SSL does this is outside the scope of this memo.
> 
> What does Netscape actually do about this?  If I want to make a server
> which will interoperate with existing Netscape clients what kind of
> certificate do I need, and what kind of name should be in there?
> Thanks -
> 
> Hal Finney
> hfinney at shell.portal.com
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6
> 
> iQBVAwUBLu1NOxnMLJtOy9MBAQGItwIAr4eerI+FSmPpOIcwITepnXzcUUFkPwsK
> +Rz2FC4Y6hV0HoDEt1JnpvCPVV5N74Jtc9xMmF8CcRlBybk25PkxVQ==
> =LOql
> -----END PGP SIGNATURE-----

Because online directory services are not one of the extant solved
problems on the Internet, Netscape uses a simple approach - a small
set of "important issuer" certificates are compiled into the
browser. A future release will support "key rings" ala PGP. This is
all we had time for in this release...

All you need to do is get your server certificate from one of several
places, including:

	RSA (commercial CA or server CA)
	Netscape (not likely; we can't afford the liability)
	MCI (I don't know if they are selling this).

So the short answer is: it's hard to do right now. In six months it
should be a very different scenario.

---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp at mcom.com              http://www.mcom.com/people/kipp/index.html








More information about the cypherpunks-legacy mailing list