Hi Samuel!
08 Mar 2001, "Samuel W. Heywood" <[EMAIL PROTECTED]> wrote:
SH> would just crank up my WIN95 machine and use MSIE 3.02. I couldn't
SH> even access the logon screen because of some stupid messages returned
SH> by MSIE saying that the security certificates were not valid.
yes ... the built in root-certs are outdated.
but you can download new ones. (at least Netscape can)
Why the **** are you using Internet Exploder ???????
SH> Then I called the technical support people who operate the online
SH> banking service and I told them about my problem. They said that I
SH> couldn't log on to my online banking site because their system uses
SH> 128 bit encryption
So what .... *_EVERY_* https site uses 128 bit encryption.
Older clients have only 40 'real' random bits ... the rest is 0 out
because of incredibly stupid and silly american regulations !!
SH> and that the only program out there that can deal with it is
SH> Internet Explorer 5.5.
Netscape and propably Opera should work.
The only situation where they will fail is if the site uses (radio) active
X.
But if they do so I would REALLY fast be looking for another banking
service !!!
SH> I asked them if I could simply download a patch or a plugin to
SH> update the listing of the security certificate validation
SH> authorities.
lie ... at least for Netscape
(PS: You should be able to use even the outdated version ...
if you explicitly tell IE that you trust the key that the server sends.)
SH> The correct answer of course is that Bill Gates is trying to
SH> pull the wool over the eyes of the ignorant consumers.
?? not really ...
ssl is an open technology.
look at GPL Projects like apache-ssl (working here on my own server),
open-ssl ....
The only problem is, if somebody is stupid enough to use active-x plugins.
But these people really can't be helped ....
(for those stuff java is really best suited ... and it's standardized, and
there are JVMs for many OSs/Host-CPUs)
(PS: In the time were USA regulation was even more stupid than now, my
banking service used a Java Applet for those poor sould who used crippled
us-export browsers.
They used a tripple-DES algo implemented in Java over the weak 40 bit SSL
link)
SH> Can anyone here help me with discovering some more correct answers?
what was the question ??
How to access the site ??
Install netscape 3, and ignore the message that the certs are outdated and
need a roll-over.
You can also try opera, or a newer 'more bloated' Netscape 4.7
SH> Somewhere there ought to be a small dozeware utility to deal with my
SH> problem.
The problem is not the 128 bit encryption.
Your bank claims that you need IE. (5.5 is IMHO a lie ... any IE over 4
should do it !!!)
Either they use suicidal techniques like active-x. (LEAVE the service
immediately)
Or the simply don't want to support other browsers.
I personally can access my online banking facility with netscape 3 if I
tell it that I trust in the key the server sends.
(it can't determine this for himself, because the cert of the CA, which
signed the servers key is no longer valid)
SH> One thing that would really be cool would be a setup where
SH> I could log on with Lynx386 and then quickly switch over to MSIE 3.02
SH> after the logon was accomplished.
??? why would this be cool ???
SH> I don't know if it would be possible to do that. Does anyone here
SH> know if you can run a DOS internet app while connected via of a
SH> dialup winsock connection?
there is IMHO a shareware winsock->PD shim.
SH> Sam Heywood
CU, Ricsi
--
|~)o _ _o Richard Menedetter <[EMAIL PROTECTED]> {ICQ: 7659421} (PGP)
|~\|(__\| -=> I have seen the evidence - I want DIFFERENT evidence! <=-
