From: Eric Murray <ericm@lne.com>
Date: Wed, 31 Jul 1996 03:18:56 +0800
To: source@iaccess.za
Subject: Re: Netscape Security Lies
In-Reply-To: <199607300939.CAA24753@toad.com>
Message-ID: <199607301530.IAA16533@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


source@iaccess.za writes:
> 
> We have just tested Netscape's security page and it seems they are either lying
> or have a major bug.
> 
> All you have to do to confirm this is to go to their page
> http://home.netscape.com/newsref/ref/netscape-security.html#test
> and click on the link under the heading Testing the Secure Server link
> "Here is a secure server you can visit.

I checked this out with baited breath, hoping to find a juicy
Netscape security hole as promised.  Unfortunately, all it is
is a mis-configured httpd server at rsa.com.  It should be
doing SSL but it's not.  A bummer, but probably not a lie and
certainly not a major bug.

> We decided to test further and found that the RSA secure server is only SSL 2 
> and SSL 3 which is what Netscape seems to be touting to the resting of the 
> world saying they have it NOW. Later, if not much later seems far more
> realistic. 

Try ssl3.netscape.com:443.  It's doing ssl3.

> I do not like being lied to, mislead or steam rolled by, how about
> you?

Not at all.  So quit doing it.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF