
Re: AW: Netscape Communicator SSL Roaming Access?



As you know, certs are used for SSL and the root CA cert of the server you
are trying to communicate with is necessary if the client validates the
SSL connection -- and Netscape does try to do this.  So, performing client
certificate authentication is not the issue, it is just SSL
verification.  In short, I suggest you communicate this to the Netscape
Communicator development team.  And when you figure out who that is -- let
the rest of the world know!!!!

/mrg

On Tue, 16 May 2000 Andreas.Greulich@ISB.admin.ch wrote:

> Date: Tue, 16 May 2000 06:46:51 +0200
> From: Andreas.Greulich@ISB.admin.ch
> To: openldap-general@OpenLDAP.org
> Cc: gettes@georgetown.edu
> Subject: AW: Netscape Communicator SSL Roaming Access?
> 
> Thanks for the info, so I need not search anymore. It really
> is a pity though... I don't really see the chicken/egg
> problem, because it is not primarily client-certificate-
> authentication I am looking for (though this would be very
> nice to have, of course), but just a method to secure
> traffic. An LDAP-over-SSL implementation without certificate
> authentication (except maybe server-to-client) would do it,
> a standard password could then be sent
> over the secured channel. Same as standard HTTP passwords
> over standard (non-browser-certificate-authenticated)
> https traffic. You see, I am not mainly worried
> about easiness of authentication for the moment, but just
> sniffer-safe authentication. Well whatever.. guess it
> cannot be changed, and an additional stunnel or similar
> software is needed. Still, if there's any way to put some
> user input into Netscape development, I would appreciate
> a minimal LDAP-over-SSL support very much! Client
> certificates are just a nice-to-have in this context.
> Or maybe a built-in SSL-clientside tunnel that could be
> used like a local proxy.
> 
> 		Andy
> 
> 
> -----Original Message-----
> From: Michael R Gettes [mailto:gettes@Georgetown.EDU]
> Sent: Monday, 15 May 2000 17:30
> To: openldap-general@OpenLDAP.org
> Subject: Re: Netscape Communicator SSL Roaming Access?
> 
> Communicator does not support LDAP or HTTP over SSL
> for just the roaming feature of Communicator.  When I spoke
> with the product manager about this implementation, I was told
> it was a chicken/egg problem regarding any custom certificates.
> Although I disagreed because I was more than willing to handle
> the customization of Communicator, it still went out in this form.
> I guess this falls under the heading "the vendor knows more than
> we do".  Bummer.
> 
> /mrg
> 
>
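
The stunnel workaround mentioned in the thread, combined with the root-CA point from the reply, as an added example that is not part of the original messages: a client-mode stunnel service that gives a non-SSL LDAP client a local plaintext port and verifies the directory server's certificate. The hostname `ldap.example.org`, the local port `1389` and the CA file path are assumed placeholders.

```ini
; Added example: stunnel client-mode tunnel for an LDAP client that
; cannot speak SSL itself. Hostname, local port and CA path below are
; placeholders, not values from the thread.

; --- Weak form: traffic is encrypted, but the server certificate is
; --- never checked, so any host answering on port 636 is accepted.
; [ldap-tunnel]
; client  = yes
; accept  = 127.0.0.1:1389
; connect = ldap.example.org:636

; --- Corrected form: the server certificate must chain to the site's
; --- root CA and must be issued for the expected host name.
[ldap-tunnel]
client      = yes
; Listen on loopback only, so the plaintext leg never leaves the machine.
accept      = 127.0.0.1:1389
connect     = ldap.example.org:636
; Root CA certificate that signed the directory server's certificate.
CAfile      = /etc/stunnel/site-root-ca.pem
verifyChain = yes
checkHost   = ldap.example.org
```

The LDAP client is then pointed at `127.0.0.1:1389`; a password sent in a simple bind crosses the network only inside the verified SSL session.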