From: Hal <hfinney@shell.portal.com>
Date: Sun, 3 Sep 95 12:49:19 PDT
To: don@cs.byu.edu
Subject: Re:  SSLRef (SSLtelnet)
Message-ID: <199509031948.MAA17974@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The link I used recently to get SSLREF is <URL:
http://www.netscape.com/eng/ssl/sslref2.0/index.html>.  I don't now what
kind of export restrictions this enforces.

I was hoping to write a program which would sit on the user's PC and act
as a proxy for Netscape's browser.  It would connect using 128 bit SSL
instead of 40 bit.

The stumbling block is that Netscape won't connect to even the local
proxy unless it sees a valid certificate, one signed by a CA that it
accepts.  For this application I would need such a certificate, and make
the corresponding public and private keys public, hard-coding them into
the proxy.  Since the proxy runs on the same PC as the browser there is
no need for confidentiality between them, and the secret key can be
revealed.

Does anyone have an idea for a way to acquire a certificate acceptable to
Netscape, perhaps one with a "broken key", that could be used for this
purpose?

Hal