... Speaking of things which are going to happen "soon", several weeks ago it was announced that Netscape would be publishing details of how to add alternate ...
Ben Laurie ...
Nov 1, 1995 9:18 pm
556
In article <30965D1E@...>, Simon.Grantham@... (Simon ... Netscape Navigator proper (i.e, the browser itself) runs on top of an underlying...
Frank Hecker ...
Nov 2, 1995 1:53 am
557
After reading about possible attacks on SSL, I was wondering about the following scenario : When the Client sends the CLIENT-HELLO msg, it includes the...
Sameer Tejani ...
Nov 2, 1995 3:04 am
558
Today I received from Verisign, what I thought was the new certificate for our recently patched Netscape Commerce Server. Well, after about an hour of being...
DaVe ...
Nov 2, 1995 3:43 am
559
... I got side-tracked on Navigator Beta 2 stuff, but I'm back working on the certificate document as my top priority. It should be out soon. --Jeff -- Jeff...
Jeff Weinstein ...
Nov 2, 1995 6:25 am
560
... Since you don't have AT&T's private key, you can't use their certificate. We are also trying to improve our administration code so that if you try to...
Jeff Weinstein ...
Nov 2, 1995 7:17 am
561
... A denial of service attack (DSA) is possible in the way you described. But why use such a complicated method? You can perform a DSA at lower protocol...
Holger Reif ...
Nov 2, 1995 9:12 am
562
Netscape's support folks are telling me the International and Non-export versions of the Commerce Server are identical... is this in fact true? ... -- JB...
John Brady ...
Nov 2, 1995 8:03 pm
563
Please tell me how to get off your list. Thanks!...
Glenn ...
Nov 3, 1995 4:03 am
564
... I think there is some confusion about the term 'export controlled'. There are in fact two versions of the Commerce Server. One for use in the US and ...
Jeff Weinstein ...
Nov 3, 1995 8:41 am
565
"export" and "international" are usually both packaging euphamisms for "encryption with keys weak enough to get an export license (export from u.s.)". What...
Rodney Thayer ...
Nov 3, 1995 5:03 pm
566
... Denial of service is possible, and nothing in SSL prevents that kind of attack. It would be simpler for the man in the middle to merely throw away all of...
Phil Karlton ...
Nov 3, 1995 9:43 pm
567
AcId ...
Nov 7, 1995 4:26 am
568
AcId ...
Nov 7, 1995 5:19 am
569
Several time we heard about the emission of Digital ID's from Verisign for use with netscape nav 2.0. press release stated late october (as I recall right)...
Holger Reif ...
Nov 8, 1995 12:50 am
570
I'm new to this so slap me if I'm being really studid. What's the point of the session keys (client-read/write, server-read/write) as opposed to just using the...
Holger Reif ...
Nov 8, 1995 1:43 am
571
... Hi, Although I'm unfamiliar with Verisigns, are you refering to a secure transmission protocole via the web? Arnold end st93he7f@... FidoNet...
Arnold Krivoruk ...
Nov 8, 1995 4:55 am
572
... Yes. Correct. You'd never want to de-crypt on the CGI side, would you? You could, but it would be lame. Interestingly, We did a proxy SSL demo using a...
Patrick Richard ...
Nov 8, 1995 7:41 am
573
Since some (already discussed) questions/problems occur again and again and a headerline (X-Mailing-List: <ssl-talk@...> archive/latest/1188) seemes...
Holger Reif ...
Nov 8, 1995 10:39 am
574
... using only the session keys for encryption you are safe even if one session key is broken by a successfull attack. Since the session keys are derived from...
Holger Reif ...
Nov 8, 1995 10:56 am
575
... The reason for not using the master key for all conversations is to reduce the chance of cracking the master key. Although algorithms differ, the basic...
Larry Streepy ...
Nov 8, 1995 6:06 pm
576
Sorry for having done a typo; thanks to peter@... for detecting it; here is the right version ... ^^^^^ read you later - Holger Reif ...
Holger Reif ...
Nov 8, 1995 10:28 pm
577
We're trying to get the Netscape reference implementation working on our machines, and we're having trouble getting a dummy test certificate to work. We got...
Jean Moroney ...
Nov 8, 1995 11:04 pm
578
... Ahem. The reason for not using the master key is that it's a private key, and the RSA or Diffie-Hellman operations that do encryption using a private key...
cjh@...
Nov 9, 1995 1:27 am
579
... Jeff is correct. The certificate includes the public key only. There has been no breach of security. VeriSign has modified our procedures so this will...
George Parsons ...
Nov 9, 1995 5:39 am
580
... Well, if you read JWILSON's original mail (the one where he says "I'm new to this so slap me if I'm being really studid." (sp)), he used the term "master...
cjh@...
Nov 9, 1995 5:53 am
581
... The Persona CA cannot issue a certificate usable within the current SSL secure server environment. ... In order the "test" you will need a certificate...
George Parsons ...
Nov 9, 1995 6:51 am
582
Hello, We are hinging on releasing a CA server product based on a "real" x500 database, and have been awaiting the release of the open CA policy in Netscape ...
Patrick Richard ...
Nov 9, 1995 3:15 pm
583
Since I just joined this list, I'm not sure whether these issues has been discussed. If it has, can some one please point me to the archives? If some of the...
Guru Sundararaman ...
Nov 9, 1995 5:59 pm
584
... I assume the Netscape navigator (client) side key management is not in place yet. How will it work in the future impletementation? Say, when a client...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
