[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (none)



[email protected] wrote:

> I was today playing around with a Mozilla 2.0beta5 that someone gave me
> [more bells and whistles than my 1.12, but not much more bang for the buck]
> and was showing a friend all the nifty information that netscape tells
> about you when you visit sites, then went to c2 to show off the apache
> web server and when I tried to use https:// to show off how you can have your
> own encrypting web server for free and everything, a window popped up and
> said the certificate was expired.
>
> I couldn't really tell if it meant that the certificate that Sameer generated
> really needed to be updated, or if Netscape beta 5 had just been rigged to
> reject non-netscape certificates, but the end result was no encryption.

  I just looked at c2's certificate, and it doesn't expire until april.
The only reason I can think of that you should have a problem is if the
date on your machine is wrong.

> (Jeff, if you're reading this, of course we know that Netscape, with it's open
> loving policies wouldn't do anything underhanded, but the thought does come
> to mind, and by the way, when are we going to see an option to turn off or
> control what information is passed out to the other end. Specifically, I'd like
> http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl to come up nearly blank.)

  We do not send the HTTP 'From:' header.  I will look into where
they are getting the user name and location from.  There is really
nothing I can do in the Navigator to stop them from getting your
IP address or DNS name.

> Soooo, anyway, I was wondering if anyone knows anything about the use of
> privately generated certificates. Yes, Jeff, we know that Netscape is jumping
> to fully support user-specified certificates, but personally I saw, relating
> to certificates, a lot of *nifty* options and displays, but really didn't
> see much in the way of anything that looked like "add".

  If you are operating a server you can use a certificate signed by any
CA you want.  When someone running Navigator 2.0 connects to that site
they will be presented with a sequence of dialogs that allow them to
decide if they want to talk to your site.  

  Adding new certificates (other than for remote SSL servers) will generally
be done via CA web pages, not the preferences UI.  

	--Jeff
-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.