Clarification of my remarks about Netscape

Hal hfinney at shell.portal.com
Wed Dec 14 23:38:27 PST 1994


Hal <hfinney at shell.portal.com> writes:
>It appears from your docs that the Netscape client has a File menu item
>that brings up a Document Information dialog box which displays the
>distinguished names of the certificate issuer and of the subject (the
>owner of the key).  This does provide a way of checking that you are
>securely connected to the server that you expect (assuming that the
>name is recognizable to the user).  But it sounds like this is not
>something which the customer sees automatically.  Again, this seems
>like an important security aspect which should be displayed more
>prominently.

>BTW, what do you see in the dialog when you connect securely to
>mcom.com?  What is the subject name in your certificate?

I downloaded the latest Netscape client and tried the https: links at
the mcom server.  When you switch to secure mode, a large dialog box
appears reminding you to check the Document Information.  But it has a
"don't show again" button and I would imagine that most people would
soon use that.

The Document Information box shows this information:

Encryption Key:  Export [40]
Name of Server:	C=US, ST=California, O=Netscape Communications Corp.,
		CN=mosaic at mcom.com
Name of Certifier: C=US, OU=Test CA, O=Netscape Communications Corp.

It would be nice if the CN field were the same as the server address.
Then the client could check it.

Hal
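
The check suggested in the message above, as an added example that is not part of the original post: it parses a subject name in the form the Document Information box displays and compares its CN with the host in the URL. The function names, the rule that exactly one CN must be present, and the two subjects marked as constructed are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Subject name as quoted in the message (joined onto one line).
PAGE_SUBJECT = "C=US, ST=California, O=Netscape Communications Corp., CN=mosaic at mcom.com"
# Constructed subjects for comparison; not taken from any real certificate.
MATCHING_SUBJECT = "C=US, O=Example Corp., CN=MCOM.COM"
LOOKALIKE_SUBJECT = "C=US, O=Example Corp., CN=mcom.com.example.net"


def parse_dn(dn):
    """Parse 'C=US, O=Org, CN=name' into {ATTR: [values]}."""
    attrs = {}
    for part in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed DN component: %r" % part)
        attrs.setdefault(key.strip().upper(), []).append(value.strip())
    return attrs


def cn_matches_url(subject_dn, url):
    """True only if the subject has exactly one CN and it equals the URL host."""
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    if not host:
        return False
    cns = parse_dn(subject_dn).get("CN", [])
    if len(cns) != 1:  # assumption: a missing or ambiguous CN is a failure
        return False
    # Whole-name, case-insensitive comparison; no substring or suffix match.
    return cns[0].rstrip(".").lower() == host.rstrip(".")


if __name__ == "__main__":
    for dn in (PAGE_SUBJECT, MATCHING_SUBJECT, LOOKALIKE_SUBJECT):
        print(cn_matches_url(dn, "https://mcom.com/"), "<-", dn)
```

The subject quoted in the message fails this check against mcom.com because its CN is not a host name. Current TLS clients perform the equivalent comparison against the certificate's subjectAltName entries rather than the CN.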





