Netscape embraces digital signatures
The company says the latest version of its Web browser adds the ability to use digital signatures, which could encourage more online banking and e-commerce.
Netscape also announced today that the digital-signing capabilities of the 4.04 versions of Navigator and Communicator also work with digital certificates issued by a half-dozen certificate authorities (CAs), plus Netscape's own certificate server.
Netscape's digital signature initiative is aimed at boosting e-commerce and online banking on the Internet, where digital signatures are designed to take the place of handwritten signatures in the physical world.
"Institutions feel comfortable with the paper-based authentication standards they have, and bringing that to the Web enables a lot more businesses to be comfortable with high-value transactions over the Web," Netscape's David Andrews, senior product manager for security, said.
Netscape also has created a server-side tool that works with most Web servers, allowing them to accept digital signatures from Web browsers.
Andrews said Netscape will submit a proposal to an Internet standards body for the way its browser handles digital certificates. Netscape's approach already supports the X.509 digital certificate standard and RSA Data Security's de facto PKCS-7 (public key cryptography standard).
While digital signatures are expected to play a key role in Internet commerce, they do not yet have the legal force of a physical signature, except in Utah. The Clinton administration has urged Congress to hold off on national digital signature legislation, saying it is too early to make laws while the technology is still evolving.
Digital signatures are designed to prove that a particular individual authorized a document, just as in the physical world. Creating a digital signature requires a user to have a digital ID, an electronic document that vouches for the identity of an individual.
Use of digital signatures and digital IDs is considered more secure than authenticating a user with a ID number and password. Online brokerage E*Trade for example, is moving away from passwordsand toward use of digital certificates for trading stocks.
Stronger means of verifying identifies will be even more important, especially to banks, for conducting big financial transactions over the Internet.
For example, the National Automated Clearing House Association (NACHA), which clears paper checks for banks, plans an interoperability pilot next year for CAs to be sure that digital certificates issued by one CA can be accepted by other CAs. Netscape's last browser will be used in that pilot.
Netscape said it is working with CAs BelSign, CertiSign, GTE Cybertrust, IPS Seguridat, Thawte, and VeriSign.
Separately, Utah's Digital Signature Trust (DST) said yesterday it will use CA software from GlobeSet for DST's CA service bureau, the first in the country to win the blessing of a state government--Utah's, in this case. DST's service will issue certificates for charge card transactions using the Secure Electronic Transactions (SET) protocol.