[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification of my remarks about Netscape



Hal <[email protected]> writes:
>It appears from your docs that the Netscape client has a File menu item
>that brings up a Document Information dialog box which displays the
>distinguished names of the certificate issuer and of the subject (the
>owner of the key).  This does provide a way of checking that you are
>securely connected to the server that you expect (assuming that the
>name is recognizable to the user).  But it sounds like this is not
>something which the customer sees automatically.  Again, this seems
>like an important security aspect which should be displayed more
>prominently.

>BTW, what do you see in the dialog when you connect securely to
>mcom.com?  What is the subject name in your certificate?

I downloaded the latest Netscape client and tried the https: links at
the mcom server.  When you switch to secure mode, a large dialog box
appears reminding you to check the Document Information.  But it has a
"don't show again" button and I would imagine that most people would
soon use that.

The Document Information box shows this information:

Encryption Key:  Export [40]
Name of Server:	C=US, ST=California, O=Netscape Communications Corp.,
		[email protected]
Name of Certifier: C=US, OU=Test CA, O=Netscape Communications Corp.

It would be nice if the CN field were the same as the server address.
Then the client could check it.

Hal