[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AW: Netscape Communicator SSL Roaming Access?

To: Andreas.Greulich@isb.admin.ch
Subject: Re: AW: Netscape Communicator SSL Roaming Access?
From: Michael R Gettes <gettes@georgetown.edu>
Date: Tue, 16 May 2000 09:50:42 -0400 (Eastern Daylight Time)
Cc: openldap-general@OpenLDAP.org
In-reply-to: <08CC1787EEE6D311804A0008C72813EA2354AE@bfi0001.bfi.admin.ch>

As you know, certs are used for SSL and the root CA Cert of the server you
are trying to communicate with is necessary if the client validates the
SSL connection -- and netscape does try to do this.  So, performing client
certificate authentication is not the issue, it is just SSL
verification.  In short, I suggest you communicate this to the netscape
communicator development team.  And when you figure out who that is -- let
the rest of the world know!!!!

/mrg

On Tue, 16 May 2000 Andreas.Greulich@ISB.admin.ch wrote:

> Date: Tue, 16 May 2000 06:46:51 +0200
> From: Andreas.Greulich@ISB.admin.ch
> To: openldap-general@OpenLDAP.org
> Cc: gettes@georgetown.edu
> Subject: AW: Netscape Communicator SSL Roaming Access?
> 
> Thanks for the info, so I need not search anymore. It really
> is a pity though... I don't really see the chicken/egg
> problem, because it is not primarily client-certificate-
> authentication I am looking for (though this would be very
> nice to have, of course), but just a method to secure
> traffic. An LDAP-over-SSL implementation without certificate
> authentication (except maybe server-to-client) would do it,
> a standard password could then be sent
> over the secured channel. Same as standard HTTP passwords
> over standard (non-browser-certificate-authenticated)
> https traffic. You see, I am not mainly worried
> about easyness of authentication for the moment, but just
> sniffer-safe authentication. Well whatever.. guess it
> cannot be changed, and an additional stunnel or similar
> software is needed. Still, if there's any way to put some
> user input into netscape development, I would appreciate
> a minimal LDAP-over-SSL support very much! Client
> certificates are just a nice-to-have in this context.
> Or maybe a built-in SSL-clientside tunnel that could be
> used like a local proxy.
> 
> 		Andy
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Michael R Gettes [mailto:gettes@Georgetown.EDU]
> Gesendet am: Montag, 15. Mai 2000 17:30
> An: openldap-general@OpenLDAP.org
> Betreff: Re: Netscape Communicator SSL Roaming Access?
> 
> Communicator does not support LDAP or HTTP over SSL
> for just the roaming feature of Communicator.  When I spoke
> with the product manager about this implementation, I was told
> it was a chicken/egg problem regarding any custom certificates.
> Although I disagreed because I was more than willing to handle
> the customization of communicator, it still went out in this form.
> I guess this falls under the heading "the vendor knows more than
> we do".  Bummer.
> 
> /mrg
> 
>

References:
- AW: Netscape Communicator SSL Roaming Access?
  - From: Andreas.Greulich@isb.admin.ch

Prev by Date: AW: Netscape Communicator SSL Roaming Access?
Next by Date: Search for things other than names in Outlook 98
Index(es):
- Chronological
- Thread