1995-09-03 - Re: SSLRef (SSLtelnet)

Header Data

From: Hal <hfinney@shell.portal.com>
To: don@cs.byu.edu
Message Hash: 8b8ac257b82c263b13a9ac231be371f354ac8156232a172a42e073b54b5a2ba4
Message ID: <199509031948.MAA17974@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-09-03 19:49:19 UTC
Raw Date: Sun, 3 Sep 95 12:49:19 PDT

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Sun, 3 Sep 95 12:49:19 PDT
To: don@cs.byu.edu
Subject: Re:  SSLRef (SSLtelnet)
Message-ID: <199509031948.MAA17974@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The link I used recently to get SSLREF is <URL:
http://www.netscape.com/eng/ssl/sslref2.0/index.html>.  I don't now what
kind of export restrictions this enforces.

I was hoping to write a program which would sit on the user's PC and act
as a proxy for Netscape's browser.  It would connect using 128 bit SSL
instead of 40 bit.

The stumbling block is that Netscape won't connect to even the local
proxy unless it sees a valid certificate, one signed by a CA that it
accepts.  For this application I would need such a certificate, and make
the corresponding public and private keys public, hard-coding them into
the proxy.  Since the proxy runs on the same PC as the browser there is
no need for confidentiality between them, and the secret key can be
revealed.

Does anyone have an idea for a way to acquire a certificate acceptable to
Netscape, perhaps one with a "broken key", that could be used for this
purpose?

Hal





Thread