
Netscape 4.0 Security Features

This month I would like to tell you about the new security features in Netscape Communicator 4.0. These features make it easier and safer to use the internet. The new features include:

    • Signed e-mail. You can sign an e-mail message so that the receiver knows that the e-mail message is from you.

    • Secure e-mail. You can encrypt your e-mail message so that only the receiver can read it.

    • Signed JavaScript and Java. JavaScript and Java programs can be signed to prove who wrote them.

    • JavaScript and Java Privileges. You can control how much access a particular program can have to specific parts of your computer.

These new security features in Netscape Communicator 4.0 are based on the concept of digital signatures. Digital signatures are like real-world signatures, except that:

    • Digital signatures can't be forged. If you try, the forgery will be detected.

    • Digital signatures can be verified. You can prove the identity of the signer.

    • Digitally signed documents can't be tampered with. Readers of the document can determine that the signature doesn't match the new version of the document.

Given the usefulness of signatures in the real world, combined with the added benefits of digital signatures, it is very likely that digitally signed documents will become a common part of on-line life.

How does a Digital Signature Work?

A signature is a unique, hard-to-copy pattern. The most common pattern used in real-world signatures is a person's handwritten name. But for more official documents people might use elaborately carved stamps, chops, or seals.

A digital signature is also a unique, hard-to-copy pattern. How can that be? Isn't one of the great benefits of digital information that it can be easily copied an infinite number of times? It turns out that some clever mathematicians have figured out how to make a digital signature that is both unique and hard-to-copy. The secret is to use "Public Key Encryption".

Public Key Encryption relies on the fact that certain "one-way" mathematical operations are much easier to do than to undo. For example, it is much easier to multiply two large prime numbers together than it is to factor the resulting large number into the original two prime numbers. For really large numbers, it can take a fraction of a second to perform the multiplication, but hundreds of millions of years to perform the factoring.

Public Key Encryption uses these kinds of "one-way" operations to create a pair of functions, called E and D, with the following mathematical properties:

    1. D(E(x)) = x

    2. E(D(x)) = x

    3. Even if you know what E is, you can't figure out what D is.

To use Public Key Encryption to send a private message, you make the E function public, while keeping the D function private. When people want to send you a secure message, x, they first apply your E function to it, producing E(x), which they send to you. You apply your private D function, producing D(E(x)), which gives you the original message x. Nobody else can read the message because nobody else knows your private function "D".

You can also use Public Key Encryption to sign a document. You do it by taking a known phrase, like your name, and applying your secret function to produce D(your name). Then you attach D(your name) to the document. To verify that it is you who signed the document, a person applies your public function E. This produces E(D(your name)), which gives back the original phrase "your name". Nobody else could have created the signature, because nobody else knows your private function "D". By including a compressed version of the whole document in the signature, you can prevent a document from being changed after you've signed it. (The person who alters the document can't alter the compressed version that's inside your signature, so the signature no longer matches the altered document.)

Perhaps you've spotted the one weakness in this scheme -- although it proves that a message came from someone who has a particular private key, it doesn't prove anything about the identity of that person. How can you be sure that someone you meet on the net is who they say they are?

Here is the way Netscape (and other companies involved in internet security) has solved this problem: Each digital signature includes a certificate that vouches for the identity of the signer. Certificates are issued by organizations called certificate authorities. As a user, you can decide which certificate authorities you trust. If you decide that a particular certificate authority is not trustworthy, you can tell Netscape Navigator to not accept that authority's certificates.

Each certificate authority can issue several classes of certificate. Although there is no formal standard, the presumption is that a "Class 1" certificate is easier to get (and therefore has a greater chance of being from someone who is not who they say they are) than a Class 2 or Class 3 certificate. You can choose to accept only certain classes of certificates if you want the extra security.
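The following is an added illustration, not code from this column or from Netscape: a toy of the scheme described in the two sections above, using textbook RSA in Python (without the padding real implementations use). It shows the E/D pair with properties 1 and 2, signing a hash of a document as the "compressed version", detecting a tampered document, and a certificate authority binding a name to a public key. The user "Alice", the CA, and the Mersenne primes used as keys are assumptions.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Return (E, D): public (e, n) and private (d, n) with e*d == 1 (mod phi)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # d is infeasible to find without p and q

def apply_key(key, x):
    """E(x) or D(x): the same modular exponentiation with the public or private exponent."""
    return pow(x, key[0], key[1])

def digest(doc, n):
    """The 'compressed version of the whole document': SHA-256, reduced mod n for the toy."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % n

def sign(private_key, doc):
    """Signature = D(digest(doc)); only the holder of D can produce it."""
    return apply_key(private_key, digest(doc, private_key[1]))

def verify(public_key, doc, signature):
    """Anyone with E checks E(signature) == digest(doc); an altered doc breaks the match."""
    return apply_key(public_key, signature) == digest(doc, public_key[1])

def issue_certificate(ca_private, name, subject_public):
    """A certificate authority binds a name to a public key by signing both together."""
    body = f"{name}|{subject_public[0]}|{subject_public[1]}".encode()
    return body, sign(ca_private, body)

def verify_certificate(ca_public, cert):
    """Accept the binding only if it was signed by a CA the user trusts."""
    return verify(ca_public, cert[0], cert[1])

# Constructed keys for a hypothetical user "Alice" and a certificate authority.
# The Mersenne primes only make the arithmetic run; real keys are far larger.
ALICE_E, ALICE_D = make_keypair(2**31 - 1, 2**61 - 1)
CA_E, CA_D = make_keypair(2**89 - 1, 2**107 - 1)

def demo():
    """Check properties 1 and 2 from the text, then the signing and certificate flows."""
    x = int.from_bytes(b"hello", "big")            # a short message as a number < n
    doc = b"I agree to pay 100 yen."
    sig = sign(ALICE_D, doc)
    cert = issue_certificate(CA_D, "Alice", ALICE_E)
    return {
        "d_of_e": apply_key(ALICE_D, apply_key(ALICE_E, x)) == x,   # 1. D(E(x)) == x
        "e_of_d": apply_key(ALICE_E, apply_key(ALICE_D, x)) == x,   # 2. E(D(x)) == x
        "signature_ok": verify(ALICE_E, doc, sig),
        "tampered_ok": verify(ALICE_E, b"I agree to pay 1000 yen.", sig),
        "certificate_ok": verify_certificate(CA_E, cert),
    }
```

A relying party would check the certificate with the CA's public key first, then check the document signature with the public key the certificate names.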

How to Get a Certificate

The process of getting a digital certificate varies with the certificate authority. For class 1 certificates, though, it's usually pretty easy: You visit a certificate authority's web site, fill out a form, and in a few minutes you've got your certificate. Higher class certificates require more documentation -- such as having to show a passport, or a valid business licence.

Nobody knows how much certificates will cost. Some of the certificate authorities are giving class 1 certificates away for now, but hope to charge a $6 a year fee in the future. At least healthy competition between competing certificate authorities should help keep prices low!

Specific Uses of Digital Signatures

Signed e-mail

Once you have a certificate, you can sign documents. The main type of document most people will sign will be e-mail. It is likely that signed e-mail will come to be treated by the courts the same way that a physically signed document is. This will enable people to conduct business over the internet.

Encrypted e-mail

In addition to signing e-mail you can also encrypt the message, so that only your recipient can read it. Although encryption is very useful for ensuring privacy, it is a controversial practice. Some governments do not wish to give so much power to private individuals. For example, the French government bans encrypted e-mail, because it believes that encryption makes it too easy for criminals to exchange information. Other countries, such as the United States, limit the strength of the encryption algorithms that can be exported, in the hopes that extremely powerful computers can be used to decrypt the weaker algorithms when necessary.

Signed programs

Another important use of digital signatures is to sign programs. If a program is signed you can be sure you know who wrote the program, and you can be sure that no computer virus has infected the program since it was written.

This makes it safer to run a program that you have received from the Internet, such as a Java or JavaScript program.

Netscape Privilege Manager

Some web browsers have an all-or-nothing approach to signed programs -- either a program is trusted, with complete access to your computer, or it is not trusted, and has no access to your computer. Netscape 4.0 has a more precise approach to security -- programs can ask for specific privileges, and you can choose which ones to grant. This lets you give a program limited powers, without having to give it access to your entire computer. Here are some of the different privileges:

    • Read files.

    • Write files.

    • Make network connections to other computers.

    • Run other programs on your computer.

An example of where this precise control is useful is JJReader, the Japanese-to-English translation program I wrote about a few months ago. JJReader needs a special privilege: it needs to be able to read its dictionary file, which is stored on your computer. You can grant JJReader the right to read its dictionary file, without also having to grant it the more dangerous privilege of being able to write to your hard disk or use the network to connect to other computers. So there is no way for JJReader to damage your files or send information from your computer to other computers.

Conclusion

I hope you'll try some of the security features in the new version of Netscape Communicator. By keeping viruses and computer hackers out of your programs and e-mail, these features should make it easier and safer to use the Internet for work and for play.