Clarification of my remarks about Netscape
Hal
hfinney at shell.portal.com
Wed Dec 14 23:38:27 PST 1994
Hal <hfinney at shell.portal.com> writes:
>It appears from your docs that the Netscape client has a File menu item
>that brings up a Document Information dialog box which displays the
>distinguished names of the certificate issuer and of the subject (the
>owner of the key). This does provide a way of checking that you are
>securely connected to the server that you expect (assuming that the
>name is recognizable to the user). But it sounds like this is not
>something which the customer sees automatically. Again, this seems
>like an important security aspect which should be displayed more
>prominently.
>BTW, what do you see in the dialog when you connect securely to
>mcom.com? What is the subject name in your certificate?
I downloaded the latest Netscape client and tried the https: links at
the mcom server. When you switch to secure mode, a large dialog box
appears reminding you to check the Document Information. But it has a
"don't show again" button and I would imagine that most people would
soon use that.
The Document Information box shows this information:
Encryption Key: Export [40]
Name of Server: C=US, ST=California, O=Netscape Communications Corp.,
CN=mosaic at mcom.com
Name of Certifier: C=US, OU=Test CA, O=Netscape Communications Corp.
It would be nice if the CN field were the same as the server address.
Then the client could check it.
Hal
More information about the Testlist
mailing list