Netscape security

Adam Shostack adam at bwh.harvard.edu
Fri Aug 18 08:15:02 PDT 1995


	To clear up some apparent confusion: The Commerce server is
not the certificate.  The NSCP Commerce Server is an httpd.
Non-profits and educationals still need to pay Verisign for a
certificate.  They do not need to pay NSCP for a $5,000 web server.

	The certificates must be signed by an approved key signing
agency.  Anyone can produce one; to get it to interact 'securely' with
free netscape browsers you need the certificate to be signed.

	There is no word as to how to become a KSA.  Netscpe has
ignored the question on several occaisons.

Adam

| On the subject of Netscape:
|    Now that Netscape is making the Commerce Server available
| for free to students, faculty, libraries, etc. (i.e., groups
| with limited ability to cough-up $290 to RSA to get the 
| 1-year digitially-signed certificate needed to make it operate 
| in "secure mode"), does anyone know of alternative methods for 
| producing such certificates?  


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







More information about the cypherpunks-legacy mailing list