1996-03-09 - Re: new netscape servers

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: Alex Strasheim <alex@proust.suba.com>
Message Hash: 0fb39cfa733fbe00e4264f6983db5391648e2a3018cc338dfb924bb17685cba5
Message ID: <313D5C6A.6A4A@netscape.com>
Reply To: <199603052036.OAA04200@proust.suba.com>
UTC Datetime: 1996-03-09 13:49:06 UTC
Raw Date: Sat, 9 Mar 1996 21:49:06 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 9 Mar 1996 21:49:06 +0800
To: Alex Strasheim <alex@proust.suba.com>
Subject: Re: new netscape servers
In-Reply-To: <199603052036.OAA04200@proust.suba.com>
Message-ID: <313D5C6A.6A4A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> From the Netscape home page:
> 
> "Netscape also announced FastTrack Server 2.0, an entry-level Web server
> that combines all the new capabilities of the next-generation Netscape
> Servers into one easy-to-use package.  FastTrack comes with SSL security,
> Java and JavaScript support, and Netscape Navigator Gold content-creation
> software - for only $295."
> 
> There are two reactions we can have to this.  On the one hand, it's a
> good thing because it's going to make SSL servers a lot more popular.
> 
> But at the same time, it raises some serious questoins about how Netscape
> plans on dealing with competitors.  It's not clear whether or not the
> $295 price tag includes a certificate or not.  But is it coincidental
> that people who want to use alternative technology like apacheSSL will
> have to pay the same price for the cert along as Netscape's customers
> will have to pay for a plug and play package?

  As far as I know we are not bundling a certificate.  It doesn't say so
in the press release either, so I wonder what made you think that we were?

> (The rest of this post is based on the assumption that you do get a cert
> with the "fast-track" server.  That's not clear, so if I'm wrong, I
> apologize to the folks at Netscape.)
> 
> There are two things keeping an organization like c2.org from competitng
> with Netcape on price:  verisign and the licensing fees on rsaref.  Both
> companies have close ties to Netscape.

  What do you mean by "close ties to Netscape"?  You are making this sound
like some sort of conspiracy.  We are customers of RSA and Verisign, just
like c2.org or microsoft.com.

> It's imperative that we challenge Netscape's control over the CAs.
> Obviously they can preinstall whatever CAs they want in their browsers.
> 
> But that doesn't mean we're powerless.  I think we ought to:
> 
> (1) form a new non-profit low cost CA

  I encourage you and anyone else who is interested to do this if you want
to.  However I do suggest that you consult a lawyer, since there may be
liability issues involved.  There are a lot of big and medium sized companies
that are entering or about to enter this market.  I'm sure there is room for
some lean low cost ones too.

> (2) make a concerted effort to explain the issue to the public and
> encourage people to ok the new CA.

  Again I encourage you to help in educating the public about the issues
involved.

> (3) try to create a sense that using a preinstalled CA is a form a
> collaboration (this will be hard, but I think it's true).  If enough
> people will use a new CA, then it will be as good as one of the
> pre-installed ones.
> 
> We can't let this sort of power concentrate in Netscape's hands.  It's
> not a question of whether or not they're good people.  It's just a bad
> development for everyone.

  You seem to be under the incorrect impression that Netscape is in some
conspiracy with verisign to control the market for certificates.  Nothing
is further from the truth.  We are taking steps to increase competition in
the market and give users the ultimate choice about who they want to trust.
The ability to add and delete trusted CAs in the 2.0 Navigator is just the
first step.

  We are also working on a written criteria for including CA certs in the
"Netscape provided" set.  I've been involved in writing the criteria, and
have tried to push it in a direction that will allow little guys to
compete on even ground with the big guys.  I don't know when it will be
available since the whole process involves lawyers and issues of liability,
so we just have to wait until they bless it.  As soon as we can make it
available we will.

  I recently created a document that describes how our current products
deal with certificates.  This should be enough on the technical side to
allow anyone to create a CA.  That document can be found at:

	http://home.netscape.com/newsref/std/ssl_2.0_certificate.html

  I hope I have addressed your concerns.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





Thread