1995-07-20 - Re: Netscape the Big Win

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: tcmay@sensemedia.net (Timothy C. May)
Message Hash: 3ba0c1b7acb6a9f7ae472a32c5e1b602b44fef58472fb5ae184e5f6973ccb03a
Message ID: <9507200747.AA15208@snark.imsi.com>
Reply To: <ac330625030210040787@[205.199.118.202]>
UTC Datetime: 1995-07-20 07:48:00 UTC
Raw Date: Thu, 20 Jul 95 00:48:00 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Thu, 20 Jul 95 00:48:00 PDT
To: tcmay@sensemedia.net (Timothy C. May)
Subject: Re: Netscape the Big Win
In-Reply-To: <ac330625030210040787@[205.199.118.202]>
Message-ID: <9507200747.AA15208@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Integration of crypto into Netscape is thus the Big Win.

Crypto *is* integrated into Netscape. Unfortunately, the crypto is SSL
-- a complete waste of time.

Among other things, SSL only lets you authenticate to X.509
certificate roots that have been issued straight from the hands of Jim
Bidzos -- which effectively means that you can secure only connections
with Netscape commerce servers, and that you cannot authenticate both
ends of the communications link. Its also just plain bad -- there are
ugly holes in the security from what I can see. Netscape is, of
course, pushing it as a standard. Vomit.

Luckily, Netscape recently hired Tahir El Gammal (did I put too many
m's there?) and he's a smart guy. Unfortunately, he seems to be in a
position where he has to defend the fairly bad work they did already.

Other web security systems are also on their way out, of course. Our
own Eric Rescorla (who lurks most of the time) is the author of the
SHTTP specification.

> The relevance for Cypherpunks interested in writing code is that, in my
> carefully considered opinion, writing for Netscape and other Web browsers
> is the Big Win. Even over Windows (except Windows browsers, of course).

Netscape is a closed system. You can't write code for it unless you
work for Netscape.

Perry





Thread