Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 779

Certificates and Authentication
known as nonrepudiation. In other words, signed email makes it very difficult for
the sender to deny having sent the message. This is important for many forms of
business communication. (For information about the way digital signatures work,
see "Digital Signatures," which begins on page 769.)
S/MIME also makes it possible to encrypt email messages. This is also important
for some business users. However, using encryption for email requires careful
planning. If the recipient of encrypted email messages loses his or her private key
and does not have access to a backup copy of the key, for example, the encrypted
messages can never be decrypted.
Form Signing
Many kinds of e-commerce require the ability to provide persistent proof that
someone has authorized a transaction. Although SSL provides transient client
authentication for the duration of an SSL connection, it does not provide persistent
authentication for transactions that may occur during that connection. S/MIME
provides persistent authentication for email, but e-commerce often involves filling
in a form on a web page rather than sending an email.
The Netscape technology known as form signing addresses the need for persistent
authentication of financial transactions. Form signing allows a user to associate a
digital signature with web-based data generated as the result of a transaction, such
as a purchase order or other financial document. The private key associated with
either a client SSL certificate or an S/MIME certificate may be used for this
purpose.
When a user clicks the Submit button on a web-based form that supports form
signing, a dialog box appears that displays the exact text to be signed. The form
designer can either specify the certificate that should be used or allow the user to
select a certificate from among the client SSL and S/MIME certificates that are
installed in Communicator. When the user clicks OK, the text is signed, and both
the text and the digital signature are submitted to the server. The server can then
use a Netscape utility called the Signature Verification Tool to validate the digital
signature.
For more information about support for form signing in Netscape products, see
Netscape Form Signing.
Single Sign-On
Network users are frequently required to remember multiple passwords for the
various services they use. For example, a user might have to type a different
password to log into the network, collect email, use directory services, use the
corporate calendar program, and access various servers. Multiple passwords are an
ongoing headache for both users and system administrators. Users have difficulty
Appendix J Introduction to Public-Key Cryptography 779