From: Adam Shostack <adam@bwh.harvard.edu>
Date: Mon, 4 Sep 95 19:46:28 PDT
To: hfinney@shell.portal.com (Hal)
Subject: Re: SSLRef (SSLtelnet)
In-Reply-To: <199509031948.MAA17974@jobe.shell.portal.com>
Message-ID: <199509050246.WAA14488@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


	To get a certificate, you need to talk to Verisign, and give
them a business plan, a key, and 270 bucks per year to get your key
certified.

	Verisign is a spin off of RSA.

| The stumbling block is that Netscape won't connect to even the local
| proxy unless it sees a valid certificate, one signed by a CA that it
| accepts.  For this application I would need such a certificate, and make
| the corresponding public and private keys public, hard-coding them into
| the proxy.  Since the proxy runs on the same PC as the browser there is
| no need for confidentiality between them, and the secret key can be
| revealed.
| 
| Does anyone have an idea for a way to acquire a certificate acceptable to
| Netscape, perhaps one with a "broken key", that could be used for this
| purpose?
| 
| Hal
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume