From: alano@teleport.com (Alan Olsen)
Date: Sat, 10 Dec 94 10:03:33 PST
To: cypherpunks@toad.com
Subject: Re: BofA+Netscape
Message-ID: <199412101803.KAA06370@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain



>Lads,
>
>I thought many of you would be interested in the text of this story. I'm
>wondering if anyone has any comments on the excryption mechanism (i.e.
>"eavesdropping" protection) being used. I believe, from my visits to the
>Netscape (formerly Mosaic) Communications Inc. offices that they are using
>RSA, but I'm not sure how *secure* their implementation is (eg. key size,
>etc.). I'll be contacting my local branch to inquire as to how soon I'll be
>able to use the service and will post my experiences with it as soon as
>possible.

If you check their WWW page, you will find information on the Secure Sockets
Layer.  It explains the algorythm used (RC4) and key size (40 bits).  The
specification is available from a web page off of their site.  With the
latest version of Netscape, you can enable a "secure" connection with their
site.  To do so use:  https://home.mcom.com/   as the home page address.
(You need at least .96 to do this.)

I am not certain as to their key exchange protocol...
|       "Encryption ROT13s your mind."            | alano@teleport.com   |
|"Would you rather be tortured by the government  | Disclaimer:          |
|forces or the people's liberation army?" -mklprc | Ignore the man       |
|   -- PGP 2.6.2 key available on request --      |  behind the keyboard.|