On Wed, 4 Nov 1998, James wrote:
> > Weird. I'm ready to got such question from dumb Winblows user but from
> > Linux user... Unbeliveable :-((
>
> I'm sorry you misunderstood. That was not a question so much as a
> rhetorical question, a comment on the Navigator user interface.
>
Oops.
> > Use mod_ssl logs or such not Netscape lock icon (BTW lock icon in Netscape
> > shows state of RECEIVED document, not state of connection AFAIK)!!!
>
> You see, it is not good to have to tell customers "I know it looks like your
> password is insecure, but, hey, just trust us..." Customers don't care
> about mod_ssl logs or packet dumps.
>
Yes. And there are a trick: make ssl-enabled "welcome page" with link
(or button) to password protected page. When "welcome page" will be
downloaded lock will be in locked state and will not be unlocked even when
you'll be asked about password :-)
> > Are you on drugs ? I could not find other explanation for this try to find
> > SOMETHING about SSL via Netscape buttons!
>
> Actually, I sent this to the mod_ssl mailing list in the hopes that you
> might pressure Netscape to change their user interface. (Hint, hint...)
>
> > In reality not just handshake must be completed but the whole document
> > must be downloaded...
>
> Yep, that's the problem...
>
In fact turned out that lock locks after first receved packet
with actual data :-) Still to late maybe :-((
> >> It seems reasonable to expect that, when accessing a secure server, a
> >> session key would be exchanged _before_ any other communication between
> >> the server and browser. Superficially, this does _not_ seem to be the
> >> case with Netscape's Communicator.
>
> > Of course it is the case with Netscape Communicator, Lynx-SSL and even %$%
> > MS IE...
>
> Glad to have that confirmed. Thanks.
>
In fact all information is encrypted in HTTPS ! Even URL is going ecrypted !
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
