
Re: Security/Privacy of Certificates in Netscape 3.0



On Mon, 29 Jul 1996, Paul Meijer wrote:

>
> SSN and birthdate, among other things, are used to authenticate identity.
> This is also why we request a credit card number. We don't charge credit
> cards for services unless we state so EXPLICITLY. We indicate that our Class
> 2 Service is in beta and we state that we do not charge the applicant's
> credit card. We do check the Equifax credit database, and we use the credit
> card check to help authenticate identity.
>
  But do you keep these data items (SSN, Driver's license, VISA)
permanently in some file or database system?  I imagine you could just
keep them until the Equifax on-line query clears and then drop them, or at
least the VISA number part of it.  I am not so concerned with sending any
of this information over SSL (or equivalent encryption) but I am concerned
with what happens to it at your site, and that you never say.  How secure
are your databases?  What kinds of precautions are you taking to prevent
unauthorized access to these databases?  Are they available via an
unencrypted network stream for things like internal system maintenance
and development? (For example, if you use Oracle as a DBMS, then do you
have SQLNET up and running over TCP/IP and do you force all SQLNET
connections to use encryption?)  Do you use reusable passwords on your
internal systems or do you use one-time systems?

