HoloWWW - Secure Transactions - NEW

HoloNet does not guarantee security, but provides service utilizing the industry standard tools for security.

Security Info

• Introduction to Crytography
  An introduction to how VeriSign provides electronic security.

• Secure Server Data Sheet
  A quick how and why on the issuing of Digital IDs (certificates) for "secure" servers, based on commonly asked questions for products VeriSign is the Certificate Authority (CA) for (e.g., Netscape Commerce Servers).

• Digital ID Introduction
  An introduction to Digital IDs including answers to commonly asked questions about key management, the RSA public-key cryptosystem, and other public-key algorithms.

Rates

HoloNet generates 512-bit keys. HoloNet retains the private key and will destroy it, but not surrender it, upon request.

Obtaining A Digital ID

• Complete the following form and e-mail it to .
  

  Certificate Generation Form

  Domain Name:
  Country Name (2 letter code):
  State or Province Name (full name):
  Locality Name (city, town, etc.):
  Organization Name (company):
  Organizational Unit Name (division):
  Webmaster email:
  Webmaster phone:
  

• A temporary certificate will be installed for your site and you may begin testing with SSL service.

• You will be e-mailed a Request Transaction Number (RTN). ? Verisign refers to this as a Certificate Signing Request (CSR).

• With this information in hand:
  • Go to http://digitalid.verisign.com/server_ids.html.
  • Select "C2Net (Apache-SSL-US)" as your site's Server Software Vendor.
  • At the bottom of the "Digital IDs for Servers" page, click on "BEGIN".

• After VeriSign has completed your request, they will e-mail you your certificate.

• E-mail the certificate to .

Secure Pages

If the customer has a browser which supports Secure Socket Layer (SSL) transactions, such as Netscape, they can transfer pages securely between their browser and the HoloWWW server.

If the page contains any inline images, these images will need to also be transfered securely or the Netscape client will display them as a broken image.

To allow HoloWWW to tell which pages are to use SSL, all secure pages are placed in different directory from the normal "http". The new directory for secure pages is created called "https".

Because you may have many elements that you may want to share between your secure "https" site and your regular "http" site, a shared directory is also created. The shared directory is installed in the "http directory. It is available via the URLs "https://www.sitename.holowww.com/shared" and "http://www.sitename.holowww.com/shared".

Secure URLs

The root of securely served pages is the "https" directory.

Summary of Directories

http

This directory is for all unsecure pages and graphics.

For unsecure access, use the URL "http://www.yoursite.holowww.com/file".

https

This directory is for all secure pages and graphics.

For secured access, use the URL "https://www.yoursite.holowww.com/file".

http/shared

This directory is for pages that can be accessed either securely or unsecurely.

For unsecure access, use the URL "http://www.yoursite.holowww.com/shared/file".

For secured access, use the URL "https://www.yoursite.holowww.com/shared/file".

In a page, to access another files, the same way as the page was accessed, just use a URL of "/shared/file".

Caveats

Secure E-Mail

PGP is available from for non-commercial use from the MIT distribution site for PGP and commercially from ViaCrypt.

Why Security?

The components in an online store are:

• Web customer with browser supporting SSL security
• Web server supporting secure SSL security.
• Web basket or order form.
• Initiate order fullfilment.
• Payment collection.