In communicator-pro-v406-export.x86-unknown-linux2.0-glibc2.tar.gz
It seems reasonable to expect that, when accessing a secure server, a
session key would be exchanged _before_ any other communication between the
server and browser. Superficially, this does _not_ seem to be the case with
Netscape's Communicator.
When Communicator accesses a password protected secure site for the first
time, first, I receive a certificate dialog box, second, I receive a
password dialog box, third, I receive a secure document dialog box, fourth,
I receive the web page, and lastly, the lock icon locks. Now this bit with
the lock icon is what doesn't give me that warm-fuzzy-feeling.
Perhaps this is just bad user-interface design on Netscape's part. I would
have expected the lock icon to lock second, right after the certificate
dialog box, and _before_ the the password dialog box. I am skeptical that
this would not be what occurs in practice, but I've got to find out.
Alternatively, the lock icon does, in fact, display the true state of the
SSL negotiation, WHICH IS WHAT IT SHOULD DO, and, in fact, Communicator is
sending the secure site password in clear text, and is not very useful as a
secure browser.
So, please, which is it?
James
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
