curity. As general-purpose scripts were introduced on both the client and the server sides, the dangers of accidental and malicious abuse grew. It did not take long for the Web to move from the scientific community to the commercial world. At this point, the security threats became much more serious. The incentive for malicious attackers to exploit vulnerabilities in the underlying technologies is at an all-time high. This is indeed frightening when we consider what attackers of computer systems have accomplished when their only incentive was fun and boosting their egos. When business and profit are at stake, we cannot assume anything less than the most dedicated and resourceful attackers typing their utmost to steal, cheat, and perform malice against users of the Web.When people use their computers to surf the Web, they have many expectations. They expect to find all sorts of interesting information, they expect to have opportunities to shop and they expect to be bombarded with all sorts of ads. Even people who do not use the Web are in jeopardy of being impersonated on the Web.There are simple and advanced methods for ensuring browser security and protecting user privacy. The more simple techniques are user certification schemes, which rely on digital Ids. Netscape Communicator Navigator and Internet Explorer allow users to obtain and use personal certificates. Currently, the only company offering such certificates is Verisign, which offers digital Ids that consist of a certificate of a user’s identity, signed by Verisign. There are four classes of digital Ids, each represents a different level of assurance in the identify, and each comes at an increasingly higher cost. The assurance is determined by the effort that goes into identifying the person requesting the certificate.Class 1 Digital IDs, intended for casual Web browsing, provided users with an unambiguous name and e-mail address within Verisign’s domai...
