1996-02-02 - Re: FV, Netscape and security as a product

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: c757d072191aae204f2a33dc4a91b94cd6075824d6aca88f83aad1eaf0ba623b
Message ID: <311043FF.186A@netscape.com>
Reply To: <199601311753.JAA18008@darkwing.uoregon.edu>
UTC Datetime: 1996-02-02 05:53:42 UTC
Raw Date: Fri, 2 Feb 1996 13:53:42 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 2 Feb 1996 13:53:42 +0800
To: cypherpunks@toad.com
Subject: Re: FV, Netscape and security as a product
In-Reply-To: <199601311753.JAA18008@darkwing.uoregon.edu>
Message-ID: <311043FF.186A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> Netscape and FV have both taken a
> "security is a product" stance, which is a gross misrepresentation.

  We are definitely moving away from the "security is a product" stance
that you mention.  It was definitely overdone in the early days of the
product, but after the security bugs of the summer I and others were
able to convince marketing that they should back off.  I want it to
be clear what our product can and can not do.  For example, SSL can
only protect data in transit between two machines.  If either machine
is compromised then the data can be stolen at that end.  Our product
does not attempt to secure the user's machine, and can not operate
securely on an insecure machine.  Expect to see warnings and disclaimers
of this nature from us in the future.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





Thread