1996-12-19 - C2NET ANNOUNCES STRONGHOLD 2.0, BUNDLED THAWTE CERTIFICATES

Header Data

From: sameer <sameer@c2.net>
To: cypherpunks@toad.com
Message Hash: 17781a7c445aba493c3188b46b784ec3dc8d9dd26177a91f10beae40c5ff2fc0
Message ID: <199612190657.WAA01162@laptop.c2.net>
Reply To: N/A
UTC Datetime: 1996-12-19 06:58:03 UTC
Raw Date: Wed, 18 Dec 1996 22:58:03 -0800 (PST)

Raw message

From: sameer <sameer@c2.net>
Date: Wed, 18 Dec 1996 22:58:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: C2NET ANNOUNCES STRONGHOLD 2.0, BUNDLED THAWTE CERTIFICATES
Message-ID: <199612190657.WAA01162@laptop.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


For Release: December 19, 1996
C2Net: Douglas Barnes, +1 510 986 8770, cman@c2.net
UK Web: Dave Williams, +44 0113 222 0046, dwilliams@ukweb.com
Thawte Consulting: Mark Shuttleworth, +27 21 975 4675, marks@thawte.com

     C2NET ANNOUNCES STRONGHOLD 2.0, BUNDLED THAWTE CERTIFICATES

Oakland, CA -- C2Net Software, an Oakland-based security software
company, announced today the beta release of Stronghold
2.0. Stronghold is currently the second most popular commercial
webserver on the Unix platform, according to the Netcraft survey of
webservers on the Internet. (see: http://www.netcraft.co.uk/survey/)

Bundled With Thawte Certificates
=================================

Additionally, C2Net and Thawte Consulting cc, a certificate authority
based in South Africa, jointly announced a bundled product: a
Stronghold webserver and a Thawte server certificate. The bundle will
sell for $545; Stronghold alone lists at $495. Thawte's main
competitor, Verisign, sells web server certificates for $290; similar
certificates are $100 when purchased separately from Thawte.

"We can now offer our customers the convenience of one-stop shopping
when setting up a secure web site," said C2Net President Sameer
Parekh.  "Thawte is now poised to be a significant competitor to
VeriSign, and we think that competition in this area is very healthy
and will bring greater value to the entire Internet"

Certificates are used for secure connections to authenticate the
server to the client. People using Netscape and Microsoft browsers can
connect to sites using both Thawte and VeriSign certificates because
the "root certificates" for these companies come pre-loaded with the
Netscape and Microsoft browsers.

New Features in Version 2.0
===========================

Stronghold 2.0 is adding a number of new features users have been
asking for. 

"We've redesigned the security interfaces and built on the new Apache 1.2
code base," commented Mark Cox, Stronghold product manager at UK Web.
"Stronghold has had many productivity and performance enhancements and it 
is now fully compliant with the new HTTP/1.1 standard."  The HTTP/1.1 
standard is a significant update to HTTP/1.0, the protocol that governs 
how web browsers and web servers communicate. 

HTTP/1.1 brings many new features to the table, including improved content 
and language  negotiation, improved persistent connections, and better
recovery from interrupted transfers. (For more information on HTTP/1.1,
see http://www.apacheweek.com/features/http11/)

Stronghold 2.0b1 also incorporates a number of popular features from
the Thawte webserver, Sioux, including more flexible directives for
specifying security properties and improved certificate-based
authentication. A subsequent beta version of Stronghold 2.0 will
contain a full-fledged grapical configuration manager, based on the
one in Sioux, as well as support for the latest version of the SSL
protocol, known as SSLv3.

Merged With Sioux
=================

Along with the bundling agreement, Thawte and C2Net have merged their
webserver products, Sioux and Stronghold. "This gives us a chance to
focus more of our energy on our certificate business," said Mark
Shuttleworth of Thawte Consulting. "By doing this, our two companies
will be better able to compete in both the web server and certificate-
issuing markets." 

Existing Sioux customers will be able to upgrade to the new version
of Stronghold for $95.

Upgrade Policy
==============

Starting today, users who purchase Stronghold will be guaranteed a 
free upgrade to 2.0 when it gets out of beta testing. Other existing
Stronghold users will probably need to pay a $95 upgrade fee, depending 
on when  they purchased the product.

Stronghold is developed outside of the United States, and is 
distributed within the US and Canada by C2Net (http://stronghold.c2.net/) 
and in the rest of the world by UK Web (http://stronghold.ukweb.com/).
All versions of the product use uncompromised, full-strength 
cryptography.

Background
==========

C2Net (previously known as Community ConneXion, Inc.) is the leading
provider of uncompromising security on the Internet. In addition to
Stronghold (http://stronghold.c2.net/), C2Net also markets SafePassage
Web Proxy (http://stronghold.ukweb.com/safepassage/), a product that
allows users of popular web browsers to use full-strength cryptography
worldwide.

UK Web Limited is a leading Internet services company specialising in 
server technology, Internet security, business solutions and effective 
site design. They are the international distributors for both 
Stronghold and SafePassage products.

Portions of Stronghold were developed by the Apache Group, and were taken 
with permission from the Apache Server http://www.apache.org/. Stronghold
also includes software developed by Eric Young (eay@mincom.oz.au).

Contacts
========

C2Net: Douglas Barnes, +1 510 986 8770, cman@c2.net
UK Web: Dave Williams, +44 0113 222 0046, dwilliams@ukweb.com
Thawte Consulting: Mark Shuttleworth, +27 21 975 4675, marks@thawte.com

		      New with Stronghold v2.0b1
		  http://stronghold.c2.net/get/beta/

== Security

In Stronghold 2.0b1 we've upgraded to the latest SSL and cryptography
library, with a number of performance improvements, particularly in
the DES implementation.

The security/SSL architecture in Stronghold has been rewritten to take
advantage of the Sioux source code base and the various features in
Sioux.

SSL client authentication has been improved. Regular expression-based
matching of client certificate information to determine access control
is possible. Stronghold now has an API for certificate to username
mapping so that client certificates may be mapped to standard
usernames.

Session ID caching is now more robust. The sessiond is no longer
needed, because the session ID cache is within the same address space
as the server processes.

== Ease of Use

The Stronghold documentation has been revised and improved greatly
since the last release. The 2.0b1 documentation is now three hundred
pages long and will grow to include more extensive documentation for
the final release. The documentation is available in both PostScript
and HTML formats.

The server has more command line options which provide information
about the server. In particular, you can get a list of all the modules
in the server or a full listing of all configuration directives that
are supported by that binary.

Compiling the server to add/remove new modules is also much
easier. The Configure script automatically detects which operating
system the server is running on and sets the compilation flags
appropriately.

Stronghold is now easier to install, with more verbose text during the
install.

Stronghold now comes with binaries for a number of useful management
utilities, such as htpasswd, htdigest, and dbmmanage.

== Functionality

Stronghold is now compliant with HTTP/1.1, the latest in web protocol
technology. Stronghold is the first commercial webserver to support
HTTP/1.1.

Stronghold 2.0b1 includes the lastest beta version of Apache (1.2b2),
which includes a number of improvements, in addition to a large number
of bugfixes.

The server status page has been improved include additional
information, including virtual hosts and client side certificates. The
status page is also much more readable.

Stronghold has a more fully-functional server-side includes mechanism,
including the "eXtended Server Side Includes" SSI format.

Stronghold provides server admins the ability to easily setup
cookie-based user tracking so the admin can see what path through
their site the users have been taking.

It is now possible to restart the server and reload the configuration
files without interrupting connections which are currently in
progress.

Stronghold is now compatible with the NCSA "Satisfy" directive for
access control.

CGI scripts are now "unbuffered". By unbuffering the CGI scripts it is
possible to do things using normal CGI that were previously only
possible using "nph".

More information is available to ErrorDocument handlers about the
cause of the error via the use of the ERROR_MSG environment variable.

== New Bundled Modules

Stronghold now bundles PHP, a very powerful language for dynamic
content and database connectivity. PHP provides for database
connectivity to mSQL, Postgres95, Solid, and mysql servers. Using PHP,
Stronghold can now generate web pages on the fly using a very powerful
C-like language for processing forms input, database queries, etc.

Stronghold now bundles with SWISH/WWWWAIS search engine for indexing
and searching through web sites.

Stronghold now comes with the proxy module enable by default. The
proxy module has also been significantly improved since the previous
version.

A full-featured URI rewriting language that allows server
administrators to define rules for transforming URIs.

Support for the DigiCash ecash protocol is now built into the
server. Using this module it is possible to set up an ecash-accepting
shop on the Internet without an actual account with an ecash-issuing
bank.

== Configurability

It is now possible with Stronghold to configure the server such that
user's CGI scripts are run under their own UID, with their own
permissions, instead of the UID of the server, with the same
permissions as the rest of the server or other CGI programs run by
other users.

Many directives now support regular expressions, so configuration
options can be set based on regular expression matching criteria.

The new <Files> container allows server adminstrators to set
configuration options on a much finer basis, down to individual files
in directories.

Server administrators can now set environment variables based on which
web browser the client is using. These environment variables can be
used to deliver different web pages, or work around bugs in various
different browsers.

Configurable logging is now the default, and has been enhanced. It is
now possible to create a number of different logfiles each with their
own configurable logging format.

It is also now possible to setup a virtual host which listens to more
than one IP number, or more than one port.

It is easier in Stronghold 2.0b1 to debug CGI scripts. The server
administrator or CGI author can configure logfiles where CGI error
messages and diagnostic information get stored.

The entire server can protect itself from runaway CGI scripts by
configuring in the resource limits for CGI that are now available in
Stronghold.

Server redirects are more configurable. The client can now be told
whether or not a redirect is temporary, permanent, or if the requested
object is completely gone.

The "Options" directive is much more configurable. It's possible now
using the "Options" directive to add and remove options from the
current set of "Options" merely by prepending a '-' or '+' to the
option name.

There is now a configuration directive to set and remove HTTP
headers. Using this directive various directories or various files can
have custom headers attached if the server administrator wants to
easily support some of the many HTTP extensions.

The configuration file can include directives which are turned on or
off conditionally depending on whether or not certain modules are
compiled into the server.







Thread