From 775a9a9246cc23dfc671c2c3a7416f2d31ba6e4b Mon Sep 17 00:00:00 2001 From: "cotter%netscape.com" Date: Wed, 13 Jun 2001 01:17:29 +0000 Subject: [PATCH] Updated content for existing help files; added two new help files (all HTML). --- .../resources/locale/en-US/certs_help.html | 63 +++-- .../resources/locale/en-US/certs_help.xhtml | 63 +++-- .../locale/en-US/certs_prefs_help.html | 63 +++++ .../locale/en-US/certs_prefs_help.xhtml | 63 +++++ .../resources/locale/en-US/context_help.html | 46 +++ .../locale/en-US/customize_help.html | 2 +- .../locale/en-US/customize_help.xhtml | 2 +- .../help/resources/locale/en-US/glossary.html | 108 ++++---- .../resources/locale/en-US/glossary.xhtml | 108 ++++---- .../locale/en-US/passwords_help.html | 2 +- .../locale/en-US/passwords_help.xhtml | 2 +- .../resources/locale/en-US/privacy_help.html | 40 ++- .../resources/locale/en-US/privacy_help.xhtml | 40 ++- .../resources/locale/en-US/privsec_help.html | 26 +- .../resources/locale/en-US/privsec_help.xhtml | 26 +- .../help/resources/locale/en-US/ssl_help.html | 29 +- .../resources/locale/en-US/ssl_help.xhtml | 29 +- .../locale/en-US/ssl_page_info_help.html | 4 +- .../locale/en-US/using_certs_help.html | 261 ++++++++++++++---- .../locale/en-US/using_certs_help.xhtml | 261 ++++++++++++++---- .../locale/en-US/using_priv_help.html | 79 +++--- .../locale/en-US/using_priv_help.xhtml | 79 +++--- .../locale/en-US/validation_help.html | 19 +- .../locale/en-US/validation_help.xhtml | 19 +- 24 files changed, 984 insertions(+), 450 deletions(-) create mode 100644 extensions/help/resources/locale/en-US/certs_prefs_help.html create mode 100644 extensions/help/resources/locale/en-US/certs_prefs_help.xhtml create mode 100644 extensions/help/resources/locale/en-US/context_help.html diff --git a/extensions/help/resources/locale/en-US/certs_help.html b/extensions/help/resources/locale/en-US/certs_help.html index c182e5dafed..0e8186c9377 100644 --- a/extensions/help/resources/locale/en-US/certs_help.html +++ b/extensions/help/resources/locale/en-US/certs_help.html @@ -9,24 +9,26 @@ -

Certificate Manager

+

Certificate Manager

-

This section describes how to use the Certificate Manager. If you are not already viewing the Certificate Manager window, follow these steps: +

This section describes how to use the Certificate Manager. For more general information on using certificates, see Using Certificates. + +

If you are not already viewing the Certificate Manager window, follow these steps:

    -
  1. Open the Edit menu and choose Preferences. -
  2. Click Privacy and Security. -
  3. Click Manage Certificates. +
  4. Open the Edit menu and choose Preferences. +
  5. Under the Privacy and Security category, click Certificates. (If no subcategories are visible, click to expand the list.) +
  6. Click Manage Certificates.
+

 

In this section:

-

My Certificates

+

Your Certificates

Web Site Certificates

CA Certificates

-

Security Devices
@@ -34,9 +36,9 @@

 

-

My Certificates

+

Your Certificates

-

The My Certificates tab in the Certificate Manager allows you to examine and work with the certificates you have on file that identify you, and to set related security passwords. To select a certificate, click its name. To select more than one certificate, hold down the Shift key and click the names of those you want to select. +

The Your Certificates tab in the Certificate Manager allows you to examine and work with the certificates you have on file that identify you, and to set related security passwords. To select a certificate, click its name. To select more than one certificate, hold down the Shift key and click the names of those you want to select.

To perform any of the actions listed here, select the certificates on which you want to act and follow these instructions:

-

 

- -

Client Certificate Selection

- -

You can decide how Navigator selects a certificate from among those you have on file to identify you to a web site: -

Return to beginning of SSL Settings section ] diff --git a/extensions/help/resources/locale/en-US/ssl_page_info_help.html b/extensions/help/resources/locale/en-US/ssl_page_info_help.html index 3abc555c9e0..188fb8799a4 100644 --- a/extensions/help/resources/locale/en-US/ssl_page_info_help.html +++ b/extensions/help/resources/locale/en-US/ssl_page_info_help.html @@ -11,7 +11,7 @@

SSL Page Info

-

When you choose Page Info from the View menu, you see information about authentication and encryption for the web page you are viewing. +

When you choose Page Info from the View menu and click the Security tab, you see information about authentication and encryption for the web page you are viewing.

Click the Help button in the Page Info window to see the additional information given here about each combination you may encounter.

@@ -150,7 +150,7 @@ why the web site's certificate is invalid:
-

5/9/2001

+

6/5/2001

Copyright © 1994-2001 Netscape Communications Corporation.

diff --git a/extensions/help/resources/locale/en-US/using_certs_help.html b/extensions/help/resources/locale/en-US/using_certs_help.html index d5f765f8d44..f9b770dbf4d 100644 --- a/extensions/help/resources/locale/en-US/using_certs_help.html +++ b/extensions/help/resources/locale/en-US/using_certs_help.html @@ -9,21 +9,13 @@ -

Using Certificates

+

Using Certificates

A certificate is the digital equivalent of an ID card. Just as you may have several ID cards for different purposes, such as a driver's license, an employee ID card, or a credit card, you can have several different certificates that identify you for different purposes.

-

This section describes how to use the Certificate Manager to work with the certificates you have on file. To open the Certificate Manager, follow these steps: - -

    -
  1. Open the Edit menu and choose Preferences. -
  2. Click Privacy and Security. -
  3. Click Manage Certificates. -
- -

When you are using Certificate Manager windows, you can obtain more detailed instructions by clicking the Help button in the lower-right corner of each window.

- +

This section describes how to perform operations related to certificates. +

 

@@ -41,9 +33,9 @@

 

-

Get Your Own Certificate

+

Get Your Own Certificate

-

Much like a credit card or a driver's license, a certificate is a form of identification you can use to identify yourself over the Internet and other networks. Like other commonly used personal IDs, a certificate is typically issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA). +

Much like a credit card or a driver's license, a certificate is a form of identification you can use to identify yourself over the Internet and other networks. Like other commonly used personal IDs, a certificate is typically issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA).

You can obtain certificates that identify you from public CAs, from system administrators or special CAs within your organization, or from web sites offering specialized services that require a means of identification more reliable that your name and password. @@ -51,13 +43,13 @@

You can obtain a certificate today by visiting the URL for a certificate authority and following the on-screen instructions. For a list of certificate authorities, see the online document Client Certificates.

-

Once you obtain a certificate, it is automatically stored in a security device. Your browser comes with its own built-in software security device. A security device can also be a piece of hardware, such as a smart card.

+

Once you obtain a certificate, it is automatically stored in a security device. Your browser comes with its own built-in software security device. A security device can also be a piece of hardware, such as a smart card.

-

Like a driver's license or a credit card, a certificate is a valuable form of identification that can be abused if it falls into the wrong hands. Once you've obtained a certificate that identifies you, you should protect it in two ways: by backing it up and by setting your master password. +

Like a driver's license or a credit card, a certificate is a valuable form of identification that can be abused if it falls into the wrong hands. Once you've obtained a certificate that identifies you, you should protect it in two ways: by backing it up and by setting your master password.

When you first obtain a certificate, you may be prompted to back it up. If you haven't yet created a master password, you will be asked to create one. -

For detailed information about backing up a certificate and setting your master password, see My Certificates. +

For detailed information about backing up a certificate and setting your master password, see Your Certificates.

@@ -66,14 +58,17 @@

 

-

Check Security for a Web Page

- -

[describes the lock icon and how to open Page Info for a given web page.]

- - +

Check Security for a Web Page

+

Whenever you're viewing a web page, you can choose Page Info from the View menu, then click the Security tab to see information about the security available for that page. +

The Security tab for Page Info provides two kinds of information: +

    +
  • The top half of the panel describes whether the web site displaying the page has been correctly identified. +
  • The bottom half describes whether the page you are viewing is encrypted, and if so what grade of encryption it uses. +
+

If you're not sure what the displayed information means, click the Help button in the Security tab to find out more.

Return to beginning of Using Certificates section ] @@ -82,7 +77,7 @@

 

-

Manage Certificates

+

Manage Certificates

You can use the Certificate Manager to manage the certificates you have available. Certificates may be stored on your computer's hard disk or on smart cards or other security devices attached to your computer.

@@ -90,26 +85,32 @@
  1. Open the Edit menu and choose Preferences. -
  2. Click Privacy/Security. -
  3. Click Manage Certificates. +
  4. Under the Privacy and Security category, choose Certificates. (If no subcategories are visible, click to expand the list.) +
  5. In the Certificates panel, click Manage Certificates.
-

The sections that follow describe some of the tasks you can use the Certificate Manager to perform. For more detailed instructions about using any Certificate Manager window, click the Help button for that window. - -

Manage Certificates that Identify You
-Manage Certificates that Identify Web Sites
-Manage Certificates that Identify Certificate Authorities +

  + + + + +
+

In this section:

+

Manage Certificates that Identify You

+

Manage Certificates that Identify Web Sites

+

Manage Certificates that Identify Certificate Authorities

+

 

-

Manage Certificates that Identify You

+

Manage Certificates that Identify You

-

When you first open the Certificate Manager, you'll notice that it has several tabs across the top of its window. The first tab is called My Certificates, and it displays the certificates your browser has on file that identify you. Your certificates are listed under the names of the organizations that issued them. +

When you first open the Certificate Manager, you'll notice that it has several tabs across the top of its window. The first tab is called Your Certificates, and it displays the certificates your browser has available that identify you. Your certificates are listed under the names of the organizations that issued them.

To perform an action on one or more certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Backup, or Delete button. Each of these buttons brings up another window that allows you to perform the action. Click the Help button in any window to obtain more information about using that window. -

The other buttons in the My Certificates tab don't require you to select a certificate first. You can use them to perform these actions: +

The other buttons under Your Certificates don't require a certificate to be selected. You use them to perform these actions:

  • Restore. Click this button if you want to restore a certificate that you've previously backed up or transferred from one machine to another. @@ -119,7 +120,7 @@
-

For more details about any of these tasks, click the Help button in any Certificate Manager window or see My Certificates. +

For more details about any of these tasks, click the Help button in any Certificate Manager window or see Your Certificates.

@@ -128,13 +129,13 @@

 

-

Manage Certificates that Identify Web Sites

+

Manage Certificates that Identify Web Sites

Some web sites use certificates to identify themselves. Such identification is required before the web site can encrypt information transferred between the site and your computer (or vice versa), so that nobody can read the data while in transit. -

If the URL for a web site begins with https://, the web site has a certificate. If you visit such a web site and its certificate was issued by a CA that your browser doesn't know about or doesn't trust, you will be asked whether you want to accept web site's certificate. When you accept a new web site certificate, the Certificate Manager adds it to its list of web site certificates. +

If the URL for a web site begins with https://, the web site has a certificate. If you visit such a web site and its certificate was issued by a CA the Certificate Manager doesn't know about or doesn't trust, you will be asked whether you want to accept web site's certificate. When you accept a new web site certificate, the Certificate Manager adds it to its list of web site certificates. -

To view all the web site certificates available to your browser, click the tab labeled Web Site Certificates at the top of the Certificate Manager window. +

To view all the web site certificates available to your browser, click the tab labeled Web Sites at the top of the Certificate Manager window.

To perform an action on one or more web site certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Edit, or Delete button. Each of these buttons brings up another window that allows you to perform the corresonding action. Click the Help button in any window to obtain more information about using that window. @@ -150,13 +151,13 @@

 

-

Manage Certificates that Identify Certificate Authorities

+

Manage Certificates that Identify Certificate Authorities

-

Like other commonly used forms of ID, a certificate is issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA). A certificate that identifies a CA is called a CA certificate. +

Like other commonly used forms of ID, a certificate is issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA). A certificate that identifies a CA is called a CA certificate.

Certificate Manager typically has many CA certificates on file. These CA certificates permit Certificate Manager to recognize and work with certificates issued by the corresponding CAs. However, the presence of a CA certificate in this list does not guarantee that the certificates it issues can be trusted. You or your system administrator must make decisions about what kinds of certificates to trust depending on your security needs. -

To view all the CA certificates available to your browser, click the tab labeled Web Site Certificates at the top of the Certificate Manager window. +

To view all the CA certificates available to your browser, click the tab labeled Authorities at the top of the Certificate Manager window.

To perform an action on one or more CA certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Edit, or Delete button. Each of these buttons brings up another window that allows you to perform the action. Click the Help button in any window to obtain more information about using that window. @@ -171,28 +172,137 @@

 

-

Manage Smart Cards and Other Security Devices

+

Manage Smart Cards and Other Security Devices

+ +

A smart card is a small device, typically about the size of a credit card, that contains a microprocessor and is capable of storing information about your identity (such as your private keys and certificates) and performing cryptographic operations. + +

To use a smart card, you typically need to have a smart card reader (a piece of hardware) attached to your computer, as well as software on your computer that controls the reader. + +

A smart card is just one kind of security device. A security device (sometimes called a token) is a hardware or software device that provides cryptographic services and stores information about your identity. To work with smart cards and other security devices, you use the Device Manager. + + +

This section describes how to use the Device Manager to manage security devices. To open the Device Manager, follow these steps: + +

    +
  1. Open the Edit menu and choose Preferences. +
  2. Under the Privacy and Security category, choose Certificates. (If no subcategories are visible, click to expand the list.) +
  3. In the Certificates panel, click Manage Devices. +
+

 

+ + + + +
+

In this section:

+

About Security Devices and Modules

+

Work with Security Devices

+

Work with Security Modules

+

Enable FIPS Mode

+
+ + +

 

+ +

About Security Devices and Modules

+ +

The Device Manager displays a window that lists the available security devices. You can use the Device Manager to manage any security devices, including smart cards, that support the Public Key Cryptography Standard (PKCS) #11. + +

A PKCS #11 module (sometimes called a security module) controls one or more security devices in much the same way that a software driver controls an external device such as a printer or modem. If you are installing a smart card, you must install the PKCS #11 module for the smart card on your computer as well as connecting the smart card reader. + +

By default, the Device Manager controls two internal PKCS #11 modules that manage three security devices: + +

    +
  • Builtin Roots Module controls a special security device called the Builtin Object Token. This token stores the default CA certificates that come with the browser. +
  • Netscape Internal PKCS #11 Module controls two security devices: +
      +
    • Generic Crypto Services is a special security device that performs all cryptographic operations required by the Netscape Internal PKCS #11 Module. +
    • Software Security Device stores your certificates and keys that aren't stored on external security devices, including any CA certificates that you may have installed in addition to those that come with the browser. +
    +
-

[Describes how to open the Cert Manager to the fifth tab and how to add, delete, log into, or log out of security modules and devices.]

Return to beginning of Using Certificates section ]

+

 

+ +

Work With Security Devices

+ +

This section assumes you are looking at the Device Manager. (If you don't know how to open it, click here). + +

The Device Manager lists each available PKCS #11 module in boldface, and the security devices managed by each module below its name. + +

When you select a security device, information about it appears in the middle of the Device Manager window, and some of the buttons on the right side of the window become available. For example, if you select the Software Security Device, you can perform these actions: + +

    +
  • Click Login or Logout to log in or out of the Software Security Device. If you are logging in, you will be asked to supply the master password for the device. You must be logged into a security device before your browser software can use it to provide cryptographic services. +
  • Click Change Password to change the master password for the device. +
+ + +

You can perform these actions on most security devices. However, you cannot perform them on Builtin Object Token or Generic Crypto Services, which are special devices that must normally be available at all times. + + +

+[ Return to beginning of Using Certificates section ] +

+ +

 

+ +

Work With Security Modules

+ +

This section assumes you are looking at the Device Manager. (If you don't know how to open it, click here). + +

Before you can add a PKCS #11 module to the list displayed by the Device Manager, you must first +install the module software on your computer and if necessary connect any associated hardware (such as +a smart card reader). Follow the instructions that come with the hardware. + +

After a new module is installed on your computer, follow these steps to load it: + +

    +
  • Click Load. +
  • In the Load PKCS #11 Module dialog box, click the Browse button, locate the module file, and click Open. +
  • Fill in the Module Name field with the name of the module and click OK. +
+ +

The new module will then show up in the list of modules with the name you assigned to it. + +

To unload a PKCS #11 module, select its name and click Unload. + + +

 

+ +

Enable FIPS Mode

+ +

Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules—that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). Many products sold to the US government must comply with one or more of the FIPS standards. + +

To enable FIPS mode for the browser, you use the Device Manager. (If you don't know how to open it, click here). + +

To enable FIPS mode, click the Enable FIPS button. When FIPS is enabled, the name Netscape Internal PKCS #11 Modulee changes to Netscape Internal PKCS #11 Module FIPS and the Enable FIPS button changes to Disable FIPS. + +

To disable FIPS-mode, click Disable FIPS.

+ +

+[ Return to beginning of Using Certificates section ] +

 

-

View or Change SSL Settings

+

Manage SSL Warnings and Settings

-

The Secure Sockets Layer (SSL) protocol allows your computer to exchange information with web site computers in encrypted form--that is, the information is scrambled while in transit so that nobody else can make sense of it. SSL is also used to identify computers on the Internet by means of certificates. +

The Secure Sockets Layer (SSL) protocol allows your computer to exchange information with other computers on the Internet in encrypted form—that is, the information is scrambled while in transit so that nobody else can make sense of it. SSL is also used to identify computers on the Internet by means of certificates. -

Transport Layer Security (TLS) is a new standard based on SSL. By default, the browser supports both SSL and TLS. This approach works for most people, because it guarantees that the browser will work with virtually all other existing software on the Internet that supports any version of SSL or TLS. However, in some circumstances system administrators or other knowledgeable persons may wish to adjust the SSL settings to fine-tune them for special security needs or to account for bugs in some older software products. +

The Transport Layer Security (TLS) protocol is a new standard based on SSL. By default, the browser supports both SSL and TLS. This approach works for most people, because it guarantees that the browser will work with virtually all other existing software on the Internet that supports any version of SSL or TLS. + +

However, in some circumstances system administrators or other knowledgeable persons may wish to adjust the SSL settings to fine-tune them for special security needs or to account for bugs in some older software products.

You shouldn't adust the SSL settings for your browser unless you know what you're doing or have the assistance of someone else who does. If you do need to adjust them for some reason, follow these steps:

  1. Open the Edit menu and choose Preferences. -
  2. Under the Privacy and Security category, select SSL. (If no options are visible under Privacy and Security, click its triangle to expand the list.) +
  3. Under the Privacy and Security category, select SSL. (If no subcategories are visible, click to expand the list.)

For more details, click the Help button in the SSL Settings panel or see SSL Settings. @@ -207,9 +317,64 @@

 

-

View or Change Validation Settings

+

Manage Validation Settings

-

[Describes how use Validation Preferences.]

+

As discussed above under Get Your Own Certificate, a certificate is a form of identification, much like a driver's license, that you can use to identify yourself over the Internet and other networks. However, also like a driver's license, a certificate may be expired or invalid for some other reason. Therefore, your browser software needs to confirm the validity of any given certificate in some way before trusting it for identification purposes. + +

This section describes how Certificate Manager validates certificates and how to control that process. To understand the process, you should have some familiarity with public-key_cryptography. If you are not familiar with the use of certificates, you should check with your system administrator before attempting to change any of your browser's certificate validation settings.

+ + + + + +
+

In this section:

+

How Certificate Validation Works

+

Manage CRLs

+

Configure Certificate Manager for OCSP

+
+

+ +

 

+

How Certificate Validation Works

 + +

Whenever you use or view a certificate stored by Certificate Manager, it takes several steps to verify the certificate. At a minimum, it confirms that the CA's digital signature on the certificate was created by a CA whose own certificate is (1) present in the the Certificate Manager's list of available CA certificates and (2) marked as trusted for issuing the kind of certificate being verified. + +

If the CA certificate is not itself present, the certificate chain for the CA certificate must include a higher-level CA certificate that is present and correctly trusted. Certificate Manager also confirms that the certificate being verified has not been marked as untrusted in the certificate store. If any one of these checks fails, Certificate Manager marks the certificate as unverified and won't recognize the identity it certifies. + +

A certificate can pass all these tests and still be compromised in some way; for example, the certificate may have been revoked because an unauthorized person has gained access to the private key that corresponds to the public key in the certificate. A compromised certificate can allow an unauthorized person (or web site) to pretend to be the certificate owner. + +

One way to combat this threat is for Certificate Manager to check a certificate revocation list (CRL) periodically (see Managing CRLs, below). However, the reliability of CRLs is subject to the frequency with which they are both updated by a server and checked by a client, and their size can sometimes cause delays in the verification process that may not be acceptable to some people. + +

Another way to combat this threat is to use a special server that supports the Online Certificate Status Protocol (OCSP). Such a server can answer client queries about individual certificates (see Configuring Certificate Manager for OCSP, below). The server, called an OCSP responder, receives an updated CRL periodically from the CA that issues the certificates to be verified. You can configure Certificate Manager to submit a status request for a certificate to the OCSP responder, and the OCSP responder confirms whether the certificate is valid. + + +

 

+

Manage CRLs

 + +

The settings that control CRLs are part of Validation preferences. To view Validation preferences, follow these steps: + +

    +
  1. Open the Edit menu and choose Preferences. +
  2. Under the Privacy and Security category, choose Validation. (If no subcategories are visible, click to expand the list.) +
+ +

Click the Manage CRLs in the Validation Settings panel to see a list of the CRLs available to Certificate Manager. To delete a CRL, select it, then click Delete. + + + +

 

+

Configure Certificate Manager for OCSP

 + + +

The settings that control OCSP are part of Validation preferences. To view Validation preferences, follow these steps: + +

    +
  1. Open the Edit menu and choose Preferences. +
  2. Under the Privacy and Security category, choose Validation. (If no subcategories are visible, click to expand the list.) +
+ +

For information about the OCSP options available, see Validation Settings.

Return to beginning of Using Certificates section ] @@ -218,7 +383,7 @@

-

5/9/2001

+

6/12/2001

Copyright © 1994-2001 Netscape Communications Corporation.

diff --git a/extensions/help/resources/locale/en-US/using_certs_help.xhtml b/extensions/help/resources/locale/en-US/using_certs_help.xhtml index d5f765f8d44..f9b770dbf4d 100644 --- a/extensions/help/resources/locale/en-US/using_certs_help.xhtml +++ b/extensions/help/resources/locale/en-US/using_certs_help.xhtml @@ -9,21 +9,13 @@ -

Using Certificates

+

Using Certificates

A certificate is the digital equivalent of an ID card. Just as you may have several ID cards for different purposes, such as a driver's license, an employee ID card, or a credit card, you can have several different certificates that identify you for different purposes.

-

This section describes how to use the Certificate Manager to work with the certificates you have on file. To open the Certificate Manager, follow these steps: - -

    -
  1. Open the Edit menu and choose Preferences. -
  2. Click Privacy and Security. -
  3. Click Manage Certificates. -
- -

When you are using Certificate Manager windows, you can obtain more detailed instructions by clicking the Help button in the lower-right corner of each window.

- +

This section describes how to perform operations related to certificates. +

 

@@ -41,9 +33,9 @@

 

-

Get Your Own Certificate

+

Get Your Own Certificate

-

Much like a credit card or a driver's license, a certificate is a form of identification you can use to identify yourself over the Internet and other networks. Like other commonly used personal IDs, a certificate is typically issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA). +

Much like a credit card or a driver's license, a certificate is a form of identification you can use to identify yourself over the Internet and other networks. Like other commonly used personal IDs, a certificate is typically issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA).

You can obtain certificates that identify you from public CAs, from system administrators or special CAs within your organization, or from web sites offering specialized services that require a means of identification more reliable that your name and password. @@ -51,13 +43,13 @@

You can obtain a certificate today by visiting the URL for a certificate authority and following the on-screen instructions. For a list of certificate authorities, see the online document Client Certificates.

-

Once you obtain a certificate, it is automatically stored in a security device. Your browser comes with its own built-in software security device. A security device can also be a piece of hardware, such as a smart card.

+

Once you obtain a certificate, it is automatically stored in a security device. Your browser comes with its own built-in software security device. A security device can also be a piece of hardware, such as a smart card.

-

Like a driver's license or a credit card, a certificate is a valuable form of identification that can be abused if it falls into the wrong hands. Once you've obtained a certificate that identifies you, you should protect it in two ways: by backing it up and by setting your master password. +

Like a driver's license or a credit card, a certificate is a valuable form of identification that can be abused if it falls into the wrong hands. Once you've obtained a certificate that identifies you, you should protect it in two ways: by backing it up and by setting your master password.

When you first obtain a certificate, you may be prompted to back it up. If you haven't yet created a master password, you will be asked to create one. -

For detailed information about backing up a certificate and setting your master password, see My Certificates. +

For detailed information about backing up a certificate and setting your master password, see Your Certificates.

@@ -66,14 +58,17 @@

 

-

Check Security for a Web Page

- -

[describes the lock icon and how to open Page Info for a given web page.]

- - +

Check Security for a Web Page

+

Whenever you're viewing a web page, you can choose Page Info from the View menu, then click the Security tab to see information about the security available for that page. +

The Security tab for Page Info provides two kinds of information: +

    +
  • The top half of the panel describes whether the web site displaying the page has been correctly identified. +
  • The bottom half describes whether the page you are viewing is encrypted, and if so what grade of encryption it uses. +
+

If you're not sure what the displayed information means, click the Help button in the Security tab to find out more.

Return to beginning of Using Certificates section ] @@ -82,7 +77,7 @@

 

-

Manage Certificates

+

Manage Certificates

You can use the Certificate Manager to manage the certificates you have available. Certificates may be stored on your computer's hard disk or on smart cards or other security devices attached to your computer.

@@ -90,26 +85,32 @@
  1. Open the Edit menu and choose Preferences. -
  2. Click Privacy/Security. -
  3. Click Manage Certificates. +
  4. Under the Privacy and Security category, choose Certificates. (If no subcategories are visible, click to expand the list.) +
  5. In the Certificates panel, click Manage Certificates.
-

The sections that follow describe some of the tasks you can use the Certificate Manager to perform. For more detailed instructions about using any Certificate Manager window, click the Help button for that window. - -

Manage Certificates that Identify You
-Manage Certificates that Identify Web Sites
-Manage Certificates that Identify Certificate Authorities +

  + + + + +
+

In this section:

+

Manage Certificates that Identify You

+

Manage Certificates that Identify Web Sites

+

Manage Certificates that Identify Certificate Authorities

+

 

-

Manage Certificates that Identify You

+

Manage Certificates that Identify You

-

When you first open the Certificate Manager, you'll notice that it has several tabs across the top of its window. The first tab is called My Certificates, and it displays the certificates your browser has on file that identify you. Your certificates are listed under the names of the organizations that issued them. +

When you first open the Certificate Manager, you'll notice that it has several tabs across the top of its window. The first tab is called Your Certificates, and it displays the certificates your browser has available that identify you. Your certificates are listed under the names of the organizations that issued them.

To perform an action on one or more certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Backup, or Delete button. Each of these buttons brings up another window that allows you to perform the action. Click the Help button in any window to obtain more information about using that window. -

The other buttons in the My Certificates tab don't require you to select a certificate first. You can use them to perform these actions: +

The other buttons under Your Certificates don't require a certificate to be selected. You use them to perform these actions:

  • Restore. Click this button if you want to restore a certificate that you've previously backed up or transferred from one machine to another. @@ -119,7 +120,7 @@
-

For more details about any of these tasks, click the Help button in any Certificate Manager window or see My Certificates. +

For more details about any of these tasks, click the Help button in any Certificate Manager window or see Your Certificates.

@@ -128,13 +129,13 @@

 

-

Manage Certificates that Identify Web Sites

+

Manage Certificates that Identify Web Sites

Some web sites use certificates to identify themselves. Such identification is required before the web site can encrypt information transferred between the site and your computer (or vice versa), so that nobody can read the data while in transit. -

If the URL for a web site begins with https://, the web site has a certificate. If you visit such a web site and its certificate was issued by a CA that your browser doesn't know about or doesn't trust, you will be asked whether you want to accept web site's certificate. When you accept a new web site certificate, the Certificate Manager adds it to its list of web site certificates. +

If the URL for a web site begins with https://, the web site has a certificate. If you visit such a web site and its certificate was issued by a CA the Certificate Manager doesn't know about or doesn't trust, you will be asked whether you want to accept web site's certificate. When you accept a new web site certificate, the Certificate Manager adds it to its list of web site certificates. -

To view all the web site certificates available to your browser, click the tab labeled Web Site Certificates at the top of the Certificate Manager window. +

To view all the web site certificates available to your browser, click the tab labeled Web Sites at the top of the Certificate Manager window.

To perform an action on one or more web site certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Edit, or Delete button. Each of these buttons brings up another window that allows you to perform the corresonding action. Click the Help button in any window to obtain more information about using that window. @@ -150,13 +151,13 @@

 

-

Manage Certificates that Identify Certificate Authorities

+

Manage Certificates that Identify Certificate Authorities

-

Like other commonly used forms of ID, a certificate is issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA). A certificate that identifies a CA is called a CA certificate. +

Like other commonly used forms of ID, a certificate is issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA). A certificate that identifies a CA is called a CA certificate.

Certificate Manager typically has many CA certificates on file. These CA certificates permit Certificate Manager to recognize and work with certificates issued by the corresponding CAs. However, the presence of a CA certificate in this list does not guarantee that the certificates it issues can be trusted. You or your system administrator must make decisions about what kinds of certificates to trust depending on your security needs. -

To view all the CA certificates available to your browser, click the tab labeled Web Site Certificates at the top of the Certificate Manager window. +

To view all the CA certificates available to your browser, click the tab labeled Authorities at the top of the Certificate Manager window.

To perform an action on one or more CA certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Edit, or Delete button. Each of these buttons brings up another window that allows you to perform the action. Click the Help button in any window to obtain more information about using that window. @@ -171,28 +172,137 @@

 

-

Manage Smart Cards and Other Security Devices

+

Manage Smart Cards and Other Security Devices

+ +

A smart card is a small device, typically about the size of a credit card, that contains a microprocessor and is capable of storing information about your identity (such as your private keys and certificates) and performing cryptographic operations. + +

To use a smart card, you typically need to have a smart card reader (a piece of hardware) attached to your computer, as well as software on your computer that controls the reader. + +

A smart card is just one kind of security device. A security device (sometimes called a token) is a hardware or software device that provides cryptographic services and stores information about your identity. To work with smart cards and other security devices, you use the Device Manager. + + +

This section describes how to use the Device Manager to manage security devices. To open the Device Manager, follow these steps: + +

    +
  1. Open the Edit menu and choose Preferences. +
  2. Under the Privacy and Security category, choose Certificates. (If no subcategories are visible, click to expand the list.) +
  3. In the Certificates panel, click Manage Devices. +
+

 

+ + + + +
+

In this section:

+

About Security Devices and Modules

+

Work with Security Devices

+

Work with Security Modules

+

Enable FIPS Mode

+
+ + +

 

+ +

About Security Devices and Modules

+ +

The Device Manager displays a window that lists the available security devices. You can use the Device Manager to manage any security devices, including smart cards, that support the Public Key Cryptography Standard (PKCS) #11. + +

A PKCS #11 module (sometimes called a security module) controls one or more security devices in much the same way that a software driver controls an external device such as a printer or modem. If you are installing a smart card, you must install the PKCS #11 module for the smart card on your computer as well as connecting the smart card reader. + +

By default, the Device Manager controls two internal PKCS #11 modules that manage three security devices: + +

    +
  • Builtin Roots Module controls a special security device called the Builtin Object Token. This token stores the default CA certificates that come with the browser. +
  • Netscape Internal PKCS #11 Module controls two security devices: +
      +
    • Generic Crypto Services is a special security device that performs all cryptographic operations required by the Netscape Internal PKCS #11 Module. +
    • Software Security Device stores your certificates and keys that aren't stored on external security devices, including any CA certificates that you may have installed in addition to those that come with the browser. +
    +
-

[Describes how to open the Cert Manager to the fifth tab and how to add, delete, log into, or log out of security modules and devices.]

Return to beginning of Using Certificates section ]

+

 

+ +

Work With Security Devices

+ +

This section assumes you are looking at the Device Manager. (If you don't know how to open it, click here). + +

The Device Manager lists each available PKCS #11 module in boldface, and the security devices managed by each module below its name. + +

When you select a security device, information about it appears in the middle of the Device Manager window, and some of the buttons on the right side of the window become available. For example, if you select the Software Security Device, you can perform these actions: + +

    +
  • Click Login or Logout to log in or out of the Software Security Device. If you are logging in, you will be asked to supply the master password for the device. You must be logged into a security device before your browser software can use it to provide cryptographic services. +
  • Click Change Password to change the master password for the device. +
+ + +

You can perform these actions on most security devices. However, you cannot perform them on Builtin Object Token or Generic Crypto Services, which are special devices that must normally be available at all times. + + +

+[ Return to beginning of Using Certificates section ] +

+ +

 

+ +

Work With Security Modules

+ +

This section assumes you are looking at the Device Manager. (If you don't know how to open it, click here). + +

Before you can add a PKCS #11 module to the list displayed by the Device Manager, you must first +install the module software on your computer and if necessary connect any associated hardware (such as +a smart card reader). Follow the instructions that come with the hardware. + +

After a new module is installed on your computer, follow these steps to load it: + +

    +
  • Click Load. +
  • In the Load PKCS #11 Module dialog box, click the Browse button, locate the module file, and click Open. +
  • Fill in the Module Name field with the name of the module and click OK. +
+ +

The new module will then show up in the list of modules with the name you assigned to it. + +

To unload a PKCS #11 module, select its name and click Unload. + + +

 

+ +

Enable FIPS Mode

+ +

Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules—that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). Many products sold to the US government must comply with one or more of the FIPS standards. + +

To enable FIPS mode for the browser, you use the Device Manager. (If you don't know how to open it, click here). + +

To enable FIPS mode, click the Enable FIPS button. When FIPS is enabled, the name Netscape Internal PKCS #11 Modulee changes to Netscape Internal PKCS #11 Module FIPS and the Enable FIPS button changes to Disable FIPS. + +

To disable FIPS-mode, click Disable FIPS.

+ +

+[ Return to beginning of Using Certificates section ] +

 

-

View or Change SSL Settings

+

Manage SSL Warnings and Settings

-

The Secure Sockets Layer (SSL) protocol allows your computer to exchange information with web site computers in encrypted form--that is, the information is scrambled while in transit so that nobody else can make sense of it. SSL is also used to identify computers on the Internet by means of certificates. +

The Secure Sockets Layer (SSL) protocol allows your computer to exchange information with other computers on the Internet in encrypted form—that is, the information is scrambled while in transit so that nobody else can make sense of it. SSL is also used to identify computers on the Internet by means of certificates. -

Transport Layer Security (TLS) is a new standard based on SSL. By default, the browser supports both SSL and TLS. This approach works for most people, because it guarantees that the browser will work with virtually all other existing software on the Internet that supports any version of SSL or TLS. However, in some circumstances system administrators or other knowledgeable persons may wish to adjust the SSL settings to fine-tune them for special security needs or to account for bugs in some older software products. +

The Transport Layer Security (TLS) protocol is a new standard based on SSL. By default, the browser supports both SSL and TLS. This approach works for most people, because it guarantees that the browser will work with virtually all other existing software on the Internet that supports any version of SSL or TLS. + +

However, in some circumstances system administrators or other knowledgeable persons may wish to adjust the SSL settings to fine-tune them for special security needs or to account for bugs in some older software products.

You shouldn't adust the SSL settings for your browser unless you know what you're doing or have the assistance of someone else who does. If you do need to adjust them for some reason, follow these steps:

  1. Open the Edit menu and choose Preferences. -
  2. Under the Privacy and Security category, select SSL. (If no options are visible under Privacy and Security, click its triangle to expand the list.) +
  3. Under the Privacy and Security category, select SSL. (If no subcategories are visible, click to expand the list.)

For more details, click the Help button in the SSL Settings panel or see SSL Settings. @@ -207,9 +317,64 @@

 

-

View or Change Validation Settings

+

Manage Validation Settings

-

[Describes how use Validation Preferences.]

+

As discussed above under Get Your Own Certificate, a certificate is a form of identification, much like a driver's license, that you can use to identify yourself over the Internet and other networks. However, also like a driver's license, a certificate may be expired or invalid for some other reason. Therefore, your browser software needs to confirm the validity of any given certificate in some way before trusting it for identification purposes. + +

This section describes how Certificate Manager validates certificates and how to control that process. To understand the process, you should have some familiarity with public-key_cryptography. If you are not familiar with the use of certificates, you should check with your system administrator before attempting to change any of your browser's certificate validation settings.

+ + + + + +
+

In this section:

+

How Certificate Validation Works

+

Manage CRLs

+

Configure Certificate Manager for OCSP

+
+

+ +

 

+

How Certificate Validation Works

 + +

Whenever you use or view a certificate stored by Certificate Manager, it takes several steps to verify the certificate. At a minimum, it confirms that the CA's digital signature on the certificate was created by a CA whose own certificate is (1) present in the the Certificate Manager's list of available CA certificates and (2) marked as trusted for issuing the kind of certificate being verified. + +

If the CA certificate is not itself present, the certificate chain for the CA certificate must include a higher-level CA certificate that is present and correctly trusted. Certificate Manager also confirms that the certificate being verified has not been marked as untrusted in the certificate store. If any one of these checks fails, Certificate Manager marks the certificate as unverified and won't recognize the identity it certifies. + +

A certificate can pass all these tests and still be compromised in some way; for example, the certificate may have been revoked because an unauthorized person has gained access to the private key that corresponds to the public key in the certificate. A compromised certificate can allow an unauthorized person (or web site) to pretend to be the certificate owner. + +

One way to combat this threat is for Certificate Manager to check a certificate revocation list (CRL) periodically (see Managing CRLs, below). However, the reliability of CRLs is subject to the frequency with which they are both updated by a server and checked by a client, and their size can sometimes cause delays in the verification process that may not be acceptable to some people. + +

Another way to combat this threat is to use a special server that supports the Online Certificate Status Protocol (OCSP). Such a server can answer client queries about individual certificates (see Configuring Certificate Manager for OCSP, below). The server, called an OCSP responder, receives an updated CRL periodically from the CA that issues the certificates to be verified. You can configure Certificate Manager to submit a status request for a certificate to the OCSP responder, and the OCSP responder confirms whether the certificate is valid. + + +

 

+

Manage CRLs

 + +

The settings that control CRLs are part of Validation preferences. To view Validation preferences, follow these steps: + +

    +
  1. Open the Edit menu and choose Preferences. +
  2. Under the Privacy and Security category, choose Validation. (If no subcategories are visible, click to expand the list.) +
+ +

Click the Manage CRLs in the Validation Settings panel to see a list of the CRLs available to Certificate Manager. To delete a CRL, select it, then click Delete. + + + +

 

+

Configure Certificate Manager for OCSP

 + + +

The settings that control OCSP are part of Validation preferences. To view Validation preferences, follow these steps: + +

    +
  1. Open the Edit menu and choose Preferences. +
  2. Under the Privacy and Security category, choose Validation. (If no subcategories are visible, click to expand the list.) +
+ +

For information about the OCSP options available, see Validation Settings.

Return to beginning of Using Certificates section ] @@ -218,7 +383,7 @@

-

5/9/2001

+

6/12/2001

Copyright © 1994-2001 Netscape Communications Corporation.

diff --git a/extensions/help/resources/locale/en-US/using_priv_help.html b/extensions/help/resources/locale/en-US/using_priv_help.html index f9114ae059c..bd5339199e0 100644 --- a/extensions/help/resources/locale/en-US/using_priv_help.html +++ b/extensions/help/resources/locale/en-US/using_priv_help.html @@ -8,26 +8,6 @@ - -

Using Privacy Features

- -

The Internet is a public network of millions of computers, all sharing information. On the Internet, communications move back and forth across public lines and through numerous connections. As with all public lines, eavesdropping is possible.

- -

Fortunately, your browser contains features that safeguard security. Click one of the links below to learn more.

- - -

 

- - - - -
-

In this section:

-

Using the Cookie Manager

-

Using the Password Manager

-

Using the Form Manager

-

Encrypting Stored Sensitive Information

-
@@ -39,7 +19,7 @@
  • Accepts or rejects any requests by the web site to set (store) one or more cookies on your computer. -
  • Accepts or rejects any requests by the web site to read cookies it previously stored on your computer. A web site can't actually read cookies or any other data on your computer---instead, your browser gets the cookies and sends them back to the web site. +
  • Accepts or rejects any requests by the web site to read cookies it previously stored on your computer. A web site can't actually read cookies or any other data on your computer—instead, your browser gets the cookies and sends them back to the web site.
@@ -63,15 +43,17 @@
  1. Open the Edit menu and choose Preferences. -
  2. Under the Advanced category, choose Cookies. (If not options are visible in this category, click to expand the list.) +
  3. Under the Privacy and Security category, choose Cookies. (If no subcategories are visible, click to expand the list.)
  4. Click one of the radio buttons:
      -
    • Enable all cookies: Choose this to permit all web sites to set cookies on your computer and receive them back during subsequent visits. Note: If you choose this option, and later choose to reject all cookies, you may still have some older cookies stored on your computer (though no new ones will be set). +

    • Disable cookies: Choose this to refuse all cookies. + +

    • Enable cookies for the originating web site only: Choose this if you don't want to accept or return Foreign cookies. Cookies received through email (when the message contains a web page) are treated as foreign cookies. + +
    • Enable all cookies: Choose this to permit all web sites to set cookies on your computer and receive them back during subsequent visits. Note: If you select this option, and later choose to reject all cookies, you may still have some older cookies stored on your computer (though no new ones will be set). -
    • Enable cookies for the originating web site only: Foreign cookies are not accepted or returned. Cookies received through email (when the message contains a web page) are treated as foreign cookies. -
    • Disable all cookies: Choose this to refuse all cookies.
  5. If you want to be notified when a web site tries to set a cookie, select "Warn me before accepting a cookie." @@ -91,8 +73,9 @@

    If you wish to change a remembered response later, use Cookie Manager as follows:

      -
    1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager.
      2. -
    2. Click the Cookies Site tab.
      3. +
    3. Open the Tasks menu, choose Privacy and Security, then choose Cookie Manager
      4. +
    4. Choose View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
      5. +
    5. Click the Cookie Sites tab.
    6. The web sites for which you have allowed or denied cookies are listed. Removing a site from the list resets its status, so the next time you visit that site you will be warned if the site attempts to set a cookie.
    @@ -100,7 +83,7 @@
    1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager.
      2. -
    2. Choose "Allow cookies from this site," or "Block cookies from this site."
      3. +
    3. Choose "Allow cookies from this site" or "Block cookies from this site."
    @@ -112,7 +95,7 @@
    1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager. -
    2. Select View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
      3. +
    3. Choose View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
    4. To see details for a particular cookie, click it. The table below explains the information you see.
    @@ -124,7 +107,7 @@
- + @@ -148,8 +131,8 @@ A domain cookie is sent back to any site that's in the same domain as the site t - - + + @@ -168,7 +151,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

To remove one or more cookies from your computer:

  1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager. -
  2. Click the Stored Cookies tab. +
  3. Choose View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
  4. Select one or more cookies and click Remove, or click Remove All Cookies.
@@ -234,7 +217,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Edit menu and choose Preferences. -
  2. From the Advanced category, choose Passwords. (If no options are visible in this category, click to expand the list.) +
  3. From the Privacy and Security category, choose Passwords. (If no subcategories are visible, click to expand the list.)
  4. In the Password Manager section, deselect "Remember passwords for sites that require me to log in" to turn Password Manager off.
@@ -261,7 +244,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Using the Form Manager

-

Many web pages contain forms for you to fill out---order forms for online shopping, information databases, and so forth.

+

Many web pages contain forms for you to fill out—order forms for online shopping, information databases, and so forth.

Form Manager can save the personal data you need to enter when you fill out a form, by storing such information as name, address, phone, credit card numbers, and so forth. Then, when a web site presents you with a form, Form Manager can fill it out automatically.

@@ -292,9 +275,8 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Tasks menu, choose Privacy and Security, and then choose Form Manager. -
  2. Select Interview from the submenu. -
  3. Fill out as many fields as you want. -
  4. When you're finished with the Interview form, open the Edit menu and choose Save Form Data. +
  5. Select Demonstration from the submenu. +
  6. Follow the instructions.
@@ -322,7 +304,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Edit menu and choose Preferences. -
  2. Under the Advanced category, choose Forms. (If no options are visible in this category, click to expand the list.) +
  3. Under the Privacy and Security category, choose Forms. (If no subcategories are visible, click to expand the list.)
  4. In the Form Manager section, deselect "Save form data from web pages when completing forms."
@@ -332,7 +314,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

If you provide personal information such as your name, phone number, email address, and so forth, the web site is free to store that information in its database and use it later. A web site might use this information to improve its service to you or target advertising to your interests. A web site could sell the information it has gathered to other companies. -

One way to find out how a web site uses the information it gathers is to check its privacy policy. +

One way to find out how a web site uses the information it gathers is to check its privacy policy.

Before providing personal information on an online form, you must decide whether or not you trust the company---just as you judge whether or not you trust a catalog company before you provide your credit card number on the company's order form. @@ -370,13 +352,13 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Encrypting Stored Sensitive Information

-

To choose encryption:

+

To turn on encryption for your stored sensitive information:

  1. Open the Edit menu and choose Preferences. -
  2. Under the Privacy and Security category, choose Passwords. +
  3. Under the Privacy and Security category, choose Passwords. (If no subcategories are visible, click to expand the list.)
  4. In the Encrypting versus Obscuring section, select "Use encryption when storing sensitive data." Remove the checkmark to turn encryption off. -
  5. Click OK. A new dialog box appears and leads you through the process of choosing a master password. +
  6. Click OK. If you haven't previously set a master password, a new dialog box appears and leads you through the process of setting it.
@@ -384,7 +366,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Setting a Master Password

-

If you choose encryption, you'll need a master password. With encryption selected, you'll be asked for your master password at least once during a browser session in which you access any of your stored sensitive information.

+

If you choose to encrypt your stored sensitive information, you'll need a master password. With encryption selected, you'll be asked for your master password at least once during a browser session in which you access any of your stored sensitive information.

If you choose encryption, but don't already have a master password, you'll be prompted to create one the first time you try to save or retrieve your sensitive information.

@@ -395,9 +377,10 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Tasks menu, choose Privacy and Security, and then choose Password Manager.
    2. -
  2. Select Change Master Password from the submenu. You see the Change Master Password dialog box. -
  3. Enter your current master password and click OK.
    4. +
  4. Select Change Master Password from the submenu. You see the Set Master Password dialog box. +
  5. Enter your current master password.
  6. Enter your new master password, and retype it to confirm the spelling.
    7. +
  7. Click OK.
@@ -405,7 +388,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Logging Out of Your Master Password

-

Normally, you are asked for your master password once during each browser session in which you access any of your stored sensitive information. However, you can log out of your master password so that it must be entered again before any sensitive information can be stored or retreived. This is useful if you are going to leave your computer unattended for a period of time.

+

Normally, you are asked for your master password once during each browser session in which you access any of your stored sensitive information. However, you can log out of your master password so that it must be entered again before any sensitive information can be stored or retrieved. This is useful if you are going to leave your computer unattended for a period of time.

To log out of your master password:

@@ -450,7 +433,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t
-

5/9/2001

+

6/12/2001

Copyright © 1994-2001 Netscape Communications Corporation.

diff --git a/extensions/help/resources/locale/en-US/using_priv_help.xhtml b/extensions/help/resources/locale/en-US/using_priv_help.xhtml index f9114ae059c..bd5339199e0 100644 --- a/extensions/help/resources/locale/en-US/using_priv_help.xhtml +++ b/extensions/help/resources/locale/en-US/using_priv_help.xhtml @@ -8,26 +8,6 @@ - -

Using Privacy Features

- -

The Internet is a public network of millions of computers, all sharing information. On the Internet, communications move back and forth across public lines and through numerous connections. As with all public lines, eavesdropping is possible.

- -

Fortunately, your browser contains features that safeguard security. Click one of the links below to learn more.

- - -

 

-
Cookie NameName This is the name assigned to the cookie by its originater.
Secure ServerThis lists whether the cookie was sent over a secure server. If a cookie is secure, it will only be sent over a secure (https) connection. Before sending a secure cookie, your browser checks the connection and will not send if the connection is not secure.Server SecureThis indicates whether the cookie was sent over a secure server. If a cookie is secure, it will only be sent over a secure (https) connection. Before sending a secure cookie, your browser checks the connection and will not send if the connection is not secure.
- - - -
-

In this section:

-

Using the Cookie Manager

-

Using the Password Manager

-

Using the Form Manager

-

Encrypting Stored Sensitive Information

-
@@ -39,7 +19,7 @@
  • Accepts or rejects any requests by the web site to set (store) one or more cookies on your computer. -
  • Accepts or rejects any requests by the web site to read cookies it previously stored on your computer. A web site can't actually read cookies or any other data on your computer---instead, your browser gets the cookies and sends them back to the web site. +
  • Accepts or rejects any requests by the web site to read cookies it previously stored on your computer. A web site can't actually read cookies or any other data on your computer—instead, your browser gets the cookies and sends them back to the web site.
@@ -63,15 +43,17 @@
  1. Open the Edit menu and choose Preferences. -
  2. Under the Advanced category, choose Cookies. (If not options are visible in this category, click to expand the list.) +
  3. Under the Privacy and Security category, choose Cookies. (If no subcategories are visible, click to expand the list.)
  4. Click one of the radio buttons:
      -
    • Enable all cookies: Choose this to permit all web sites to set cookies on your computer and receive them back during subsequent visits. Note: If you choose this option, and later choose to reject all cookies, you may still have some older cookies stored on your computer (though no new ones will be set). +

    • Disable cookies: Choose this to refuse all cookies. + +

    • Enable cookies for the originating web site only: Choose this if you don't want to accept or return Foreign cookies. Cookies received through email (when the message contains a web page) are treated as foreign cookies. + +
    • Enable all cookies: Choose this to permit all web sites to set cookies on your computer and receive them back during subsequent visits. Note: If you select this option, and later choose to reject all cookies, you may still have some older cookies stored on your computer (though no new ones will be set). -
    • Enable cookies for the originating web site only: Foreign cookies are not accepted or returned. Cookies received through email (when the message contains a web page) are treated as foreign cookies. -
    • Disable all cookies: Choose this to refuse all cookies.
  5. If you want to be notified when a web site tries to set a cookie, select "Warn me before accepting a cookie." @@ -91,8 +73,9 @@

    If you wish to change a remembered response later, use Cookie Manager as follows:

      -
    1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager.
      2. -
    2. Click the Cookies Site tab.
      3. +
    3. Open the Tasks menu, choose Privacy and Security, then choose Cookie Manager
      4. +
    4. Choose View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
      5. +
    5. Click the Cookie Sites tab.
    6. The web sites for which you have allowed or denied cookies are listed. Removing a site from the list resets its status, so the next time you visit that site you will be warned if the site attempts to set a cookie.
    @@ -100,7 +83,7 @@
    1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager.
      2. -
    2. Choose "Allow cookies from this site," or "Block cookies from this site."
      3. +
    3. Choose "Allow cookies from this site" or "Block cookies from this site."
    @@ -112,7 +95,7 @@
    1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager. -
    2. Select View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
      3. +
    3. Choose View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
    4. To see details for a particular cookie, click it. The table below explains the information you see.
    @@ -124,7 +107,7 @@
- + @@ -148,8 +131,8 @@ A domain cookie is sent back to any site that's in the same domain as the site t - - + + @@ -168,7 +151,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

To remove one or more cookies from your computer:

  1. Open the Tasks menu, choose Privacy and Security, and then choose Cookie Manager. -
  2. Click the Stored Cookies tab. +
  3. Choose View Stored Cookies from the submenu. The Cookie Manager window opens with a list of all the cookies stored on your computer.
  4. Select one or more cookies and click Remove, or click Remove All Cookies.
@@ -234,7 +217,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Edit menu and choose Preferences. -
  2. From the Advanced category, choose Passwords. (If no options are visible in this category, click to expand the list.) +
  3. From the Privacy and Security category, choose Passwords. (If no subcategories are visible, click to expand the list.)
  4. In the Password Manager section, deselect "Remember passwords for sites that require me to log in" to turn Password Manager off.
@@ -261,7 +244,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Using the Form Manager

-

Many web pages contain forms for you to fill out---order forms for online shopping, information databases, and so forth.

+

Many web pages contain forms for you to fill out—order forms for online shopping, information databases, and so forth.

Form Manager can save the personal data you need to enter when you fill out a form, by storing such information as name, address, phone, credit card numbers, and so forth. Then, when a web site presents you with a form, Form Manager can fill it out automatically.

@@ -292,9 +275,8 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Tasks menu, choose Privacy and Security, and then choose Form Manager. -
  2. Select Interview from the submenu. -
  3. Fill out as many fields as you want. -
  4. When you're finished with the Interview form, open the Edit menu and choose Save Form Data. +
  5. Select Demonstration from the submenu. +
  6. Follow the instructions.
@@ -322,7 +304,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Edit menu and choose Preferences. -
  2. Under the Advanced category, choose Forms. (If no options are visible in this category, click to expand the list.) +
  3. Under the Privacy and Security category, choose Forms. (If no subcategories are visible, click to expand the list.)
  4. In the Form Manager section, deselect "Save form data from web pages when completing forms."
@@ -332,7 +314,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

If you provide personal information such as your name, phone number, email address, and so forth, the web site is free to store that information in its database and use it later. A web site might use this information to improve its service to you or target advertising to your interests. A web site could sell the information it has gathered to other companies. -

One way to find out how a web site uses the information it gathers is to check its privacy policy. +

One way to find out how a web site uses the information it gathers is to check its privacy policy.

Before providing personal information on an online form, you must decide whether or not you trust the company---just as you judge whether or not you trust a catalog company before you provide your credit card number on the company's order form. @@ -370,13 +352,13 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Encrypting Stored Sensitive Information

-

To choose encryption:

+

To turn on encryption for your stored sensitive information:

  1. Open the Edit menu and choose Preferences. -
  2. Under the Privacy and Security category, choose Passwords. +
  3. Under the Privacy and Security category, choose Passwords. (If no subcategories are visible, click to expand the list.)
  4. In the Encrypting versus Obscuring section, select "Use encryption when storing sensitive data." Remove the checkmark to turn encryption off. -
  5. Click OK. A new dialog box appears and leads you through the process of choosing a master password. +
  6. Click OK. If you haven't previously set a master password, a new dialog box appears and leads you through the process of setting it.
@@ -384,7 +366,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Setting a Master Password

-

If you choose encryption, you'll need a master password. With encryption selected, you'll be asked for your master password at least once during a browser session in which you access any of your stored sensitive information.

+

If you choose to encrypt your stored sensitive information, you'll need a master password. With encryption selected, you'll be asked for your master password at least once during a browser session in which you access any of your stored sensitive information.

If you choose encryption, but don't already have a master password, you'll be prompted to create one the first time you try to save or retrieve your sensitive information.

@@ -395,9 +377,10 @@ A domain cookie is sent back to any site that's in the same domain as the site t
  1. Open the Tasks menu, choose Privacy and Security, and then choose Password Manager.
    2. -
  2. Select Change Master Password from the submenu. You see the Change Master Password dialog box. -
  3. Enter your current master password and click OK.
    4. +
  4. Select Change Master Password from the submenu. You see the Set Master Password dialog box. +
  5. Enter your current master password.
  6. Enter your new master password, and retype it to confirm the spelling.
    7. +
  7. Click OK.
@@ -405,7 +388,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t

Logging Out of Your Master Password

-

Normally, you are asked for your master password once during each browser session in which you access any of your stored sensitive information. However, you can log out of your master password so that it must be entered again before any sensitive information can be stored or retreived. This is useful if you are going to leave your computer unattended for a period of time.

+

Normally, you are asked for your master password once during each browser session in which you access any of your stored sensitive information. However, you can log out of your master password so that it must be entered again before any sensitive information can be stored or retrieved. This is useful if you are going to leave your computer unattended for a period of time.

To log out of your master password:

@@ -450,7 +433,7 @@ A domain cookie is sent back to any site that's in the same domain as the site t
-

5/9/2001

+

6/12/2001

Copyright © 1994-2001 Netscape Communications Corporation.

diff --git a/extensions/help/resources/locale/en-US/validation_help.html b/extensions/help/resources/locale/en-US/validation_help.html index 16ab18d802d..1d843c61902 100644 --- a/extensions/help/resources/locale/en-US/validation_help.html +++ b/extensions/help/resources/locale/en-US/validation_help.html @@ -9,7 +9,7 @@ -

Validation Settings

+

Validation Settings

This section describes how to use the Validation Settings panel. If you are not already viewing the panel, follow these steps: @@ -18,13 +18,28 @@

  • Under the Privacy and Security category, choose Validation. (If no options are visible under Privacy and Security, click its triangle to expand the list.) +

    OCSP

    + +

    The Online Certificate Status Protocol (OCSP) makes it possible for Certificate Manager to perform an online check of a certificate's validity each time the certificate is viewed or used. This process involves checking the certificate against a certificate revocation list (CRL) maintained at a specified web site. Your computer must be online for OCSP to work.

    + +

    To specify how Certificate Manager uses OCSP, choose one of these settings in the OCSP section of Validation Settings:

    + +
      +
    • Do not use OCSP for certificate verification. Select this setting if you don't want Certificate Manager to perform an on-line status check each time it verifies a certificate. Instead, whenever Certificate Manager performs certificate verification, it only confirms the certificate's validity period and that it is correctly signed by a CA whose own CA certificate is both listed under the CA Certificates tab (in the main Certificate Manager window) and marked as trusted for issuing that kind of certificate.
      • +
    • Use OCSP to verify only certificates that specify an OCSP service URL. Select this setting if you want Certificate Manager perform an on-line status check each time it verifies a certificate that specifies a URL for the purpose of performing such a check. If a URL is specified by the certificate, Certificate Manager makes sure that the certificate is listed there as valid as well as performing the standard checks of validity period and trust settings.
      • +
    • Use OCSP to verify all certificates, using the URL and signer specified here. Select this setting if you want Certificate Manager to perform an on-line status check each time it verifies any certificate. If you select this setting, you should also choose the certificate from the Response Signer pop-up menu that identifies the signer of the OCSP responses. With this setting, the only certificates Certificate Manager recognizes are those that can be verified by an OCSP response signed with the Response Signer certificate (or signed using a certificate that chains to it).

      + +When you choose a Response Signer certificate from the pop-up menu, Certificate Manager fills in the Service URL (if available) for that signer automatically. If the Service URL is not filled in automatically, you must provide it yourself; ask your system administrator for details.
      • +
    + +

    Return to beginning of Validation Settings section ]

    -

    2/5/2001

    +

    6/12/2001

    Copyright © 1994-2001 Netscape Communications Corporation.

    diff --git a/extensions/help/resources/locale/en-US/validation_help.xhtml b/extensions/help/resources/locale/en-US/validation_help.xhtml index 16ab18d802d..1d843c61902 100644 --- a/extensions/help/resources/locale/en-US/validation_help.xhtml +++ b/extensions/help/resources/locale/en-US/validation_help.xhtml @@ -9,7 +9,7 @@ -

    Validation Settings

    +

    Validation Settings

    This section describes how to use the Validation Settings panel. If you are not already viewing the panel, follow these steps: @@ -18,13 +18,28 @@

  • Under the Privacy and Security category, choose Validation. (If no options are visible under Privacy and Security, click its triangle to expand the list.) +

    OCSP

    + +

    The Online Certificate Status Protocol (OCSP) makes it possible for Certificate Manager to perform an online check of a certificate's validity each time the certificate is viewed or used. This process involves checking the certificate against a certificate revocation list (CRL) maintained at a specified web site. Your computer must be online for OCSP to work.

    + +

    To specify how Certificate Manager uses OCSP, choose one of these settings in the OCSP section of Validation Settings:

    + +
      +
    • Do not use OCSP for certificate verification. Select this setting if you don't want Certificate Manager to perform an on-line status check each time it verifies a certificate. Instead, whenever Certificate Manager performs certificate verification, it only confirms the certificate's validity period and that it is correctly signed by a CA whose own CA certificate is both listed under the CA Certificates tab (in the main Certificate Manager window) and marked as trusted for issuing that kind of certificate.
      • +
    • Use OCSP to verify only certificates that specify an OCSP service URL. Select this setting if you want Certificate Manager perform an on-line status check each time it verifies a certificate that specifies a URL for the purpose of performing such a check. If a URL is specified by the certificate, Certificate Manager makes sure that the certificate is listed there as valid as well as performing the standard checks of validity period and trust settings.
      • +
    • Use OCSP to verify all certificates, using the URL and signer specified here. Select this setting if you want Certificate Manager to perform an on-line status check each time it verifies any certificate. If you select this setting, you should also choose the certificate from the Response Signer pop-up menu that identifies the signer of the OCSP responses. With this setting, the only certificates Certificate Manager recognizes are those that can be verified by an OCSP response signed with the Response Signer certificate (or signed using a certificate that chains to it).

      + +When you choose a Response Signer certificate from the pop-up menu, Certificate Manager fills in the Service URL (if available) for that signer automatically. If the Service URL is not filled in automatically, you must provide it yourself; ask your system administrator for details.
      • +
    + +

    Return to beginning of Validation Settings section ]

    -

    2/5/2001

    +

    6/12/2001

    Copyright © 1994-2001 Netscape Communications Corporation.

    • Cookie NameName This is the name assigned to the cookie by its originater.
    Secure ServerThis lists whether the cookie was sent over a secure server. If a cookie is secure, it will only be sent over a secure (https) connection. Before sending a secure cookie, your browser checks the connection and will not send if the connection is not secure.Server SecureThis indicates whether the cookie was sent over a secure server. If a cookie is secure, it will only be sent over a secure (https) connection. Before sending a secure cookie, your browser checks the connection and will not send if the connection is not secure.