From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: jsw@netscape.com>
Message Hash: ebfd289c45ca87d521ad60f5fb79056506b52e6b958976532daa383693e74ce4
Message ID: <sl4wCvKMc50e95ghMA@nsb.fv.com>
Reply To: <199601311753.JAA18008@darkwing.uoregon.edu>
UTC Datetime: 1996-02-03 20:49:09 UTC
Raw Date: Sun, 4 Feb 1996 04:49:09 +0800
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sun, 4 Feb 1996 04:49:09 +0800
To: jsw@netscape.com>
Subject: Re: FV, Netscape and security as a product
In-Reply-To: <199601311753.JAA18008@darkwing.uoregon.edu>
Message-ID: <sl4wCvKMc50e95ghMA@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain
Excerpts from mail.cypherpunks: 31-Jan-96 Re: FV, Netscape and securi..
Jeff Weinstein@netscape. (985*)
> > Netscape and FV have both taken a
> > "security is a product" stance, which is a gross misrepresentation.
> We are definitely moving away from the "security is a product" stance
> that you mention. It was definitely overdone in the early days of the
> product, but after the security bugs of the summer I and others were
> able to convince marketing that they should back off. I want it to
> be clear what our product can and can not do. For example, SSL can
> only protect data in transit between two machines. If either machine
> is compromised then the data can be stolen at that end. Our product
> does not attempt to secure the user's machine, and can not operate
> securely on an insecure machine. Expect to see warnings and disclaimers
> of this nature from us in the future.
I applaud this clear, sensible, and correct statement. Nicely put, Jeff.
I don't think it's fair for Greg to characterize our approach as
"security is a product". Quite the contrary, we keep talking about
security as a *process*. It's made up of multiple layers, which may
include digital signatures, encryption, hard-to-sniff identifiers,
out-of-band mechanisms, confirmation loops, vigorous investigation of
attempted fraud, and probably many other things, not to mention more
"traditional" aspects of server-level security. -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com
Return to February 1996
Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”