
Re: Netscape's little key icon



> Ok, perhaps this is a FAQ item, but I don't recall having read it
> anywhere.  When I open up Netscape, which is admittedly infrequently, I
> see that little key icon in the bottom left corner of the screen.  I'm
> told that when it's a solid key with teethies, that means you're talking
> to a "secure server" (if that phrase has any meaning outside of marketing
> materials).
> 
> This is my question: How is that determined?  If the browser is opened to
> URL A, how does the browser determine whether it's a "secure" thing?  By 
> looking at the server which houses that URL?  By looking at the servers 
> to which forms could potentially be submitted?

You might want to take a look at what Netscape says at:

http://home.mcom.com/info/security-doc.htm
http://home.mcom.com/newsref/std/SSL.htm

I think the most basic distinctions are made by looking at the URL schemes.

This is http: for ordinary HTTP, and https: for HTTP tunneled thru SSL
(I think this is conventionally assigned another port).

Once Netscape has connected to a secure server, it will authenticate the
server further, cryptographically.  In addition to the authentication
described in the SSL protocol, I seem to recall hearing that Netscape
was distributed with some hardcoded key info to allow it to recognize
some server key certificates in the absence of a better certificate
hierarchy. (But this was some months back and I'm not sure what is
currently the case.)

Judging from the messages and how they are described (i.e. "mixed secure/
insecure documents"), it sounds like Netscape is making a first cut by
looking at the URLs in a document, then doing more when it contacts
the server.
-- 
    Albert Lunde                      Albert-Lunde@nwu.edu
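
The URL-scheme first cut guessed at in the message above, as an added example that is not part of the original post and is not Netscape's code. The function names, the three states and the sample page are assumptions made for illustration; the example.test hosts are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch from or submit to another URL.
URL_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
             ("link", "href"), ("form", "action")}


class RefCollector(HTMLParser):
    """Collect (tag, absolute URL) pairs for subresources and form targets."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in URL_ATTRS and value is not None:
                # Relative references inherit the scheme of the page itself.
                self.refs.append((tag, urljoin(self.base_url, value.strip())))


def classify(page_url, html):
    """Return (state, insecure_refs); state is 'insecure', 'mixed' or 'secure'."""
    if urlsplit(page_url).scheme.lower() != "https":
        return "insecure", []
    collector = RefCollector(page_url)
    collector.feed(html)
    bad = [(tag, url) for tag, url in collector.refs
           if urlsplit(url).scheme.lower() != "https"]
    return ("mixed" if bad else "secure"), bad


# Constructed sample page (assumption): one relative image, one http: image,
# and a form that would submit over plain http:.
SAMPLE = """
<img src="/logo.gif">
<img src="http://images.example.test/banner.gif">
<form action="http://shop.example.test/order" method="post"><input name="card"></form>
"""

if __name__ == "__main__":
    state, bad = classify("https://shop.example.test/checkout", SAMPLE)
    print(state)
    for tag, url in bad:
        print(f"  <{tag}> -> {url}")
```

This only covers the scheme check; authenticating the server's certificate happens when the connection is made and is outside what a document scan can decide.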

