About Netscape Collabra

Learn what you need to do to access discussion groups on your groups server.

Netscape Collabra enables you to participate in Collabra discussion groups. To participate in a discussion group, you must:

1. Open your discussion groups server.
2. List discussion groups provided by your groups server.

When you list discussion groups available to you, you can subscribe to them, or you can browse without subscribing. Click one of the following topics to learn about:

• Opening Your Groups Server
• Setting Groups Server Preferences (Windows only)
• Listing and Subscribing to Groups
• Opening and Browsing a Discussion Group

---

Opening Your Discussion Groups Server

Learn how to open your groups server, so you can access, update, and subscribe to discussion groups it hosts.

To open your groups server:

1. Open your Message Center by clicking Discussion Groups on the component bar, which can float on your desktop or reside in the lower-right corner of any Communicator window:



2. In your Message Center window, open your primary groups server by opening the control to the left of the server name.

To open a groups server other than your primary server, select the groups server and open its control.

Details

When you open your groups server:

• The Message Center window lists and updates discussion groups to which you are currently subscribed on the selected server.
• Collabra downloads headers of new Collabra messages in each of your subscribed groups. (This is how Collabra displays information about the discussion groups.) To set a limit on how many headers Collabra can download, set groups server properties.
• You do not download a Collabra message until you open it, or unless you select its group for downloading before going offline.

Troubleshooting

Before the Message Center window can display your primary groups server's name, you must have your Groups Server preferences set. If you do not have your Groups Server preferences set, the Mail & Discussion Groups Wizard (Windows only), or the Groups Server panel of the preferences dialog comes up automatically. Use the Mail & Discussion Groups Wizard or the Groups Server panel to help you set required preferences.

If an invalid groups server name appears for your primary server in your Message Center's list of servers, provide the correct server name by using the Groups Server panel of Mail & Groups preferences.

If an invalid groups server name appears for a server that is not your primary server, use groups server properties to correct the name of the server.

If you can't access a server using a dial-up connection with auto-connect, check your network software, such as PPP and TCP/IP, and modem settings to see if they're correctly configured to access the server's site. Enable configurations for the server's site, then try opening the server.

What's next:

Subscribing to Discussion Groups

See Also:

Setting Groups Server Preferences (with Mail & Discussion Groups Wizard--Windows only) Changing Groups Server Preferences Adding a Groups Server to Your List of Servers Setting Groups Server Properties

About Subscribing to Discussion Groups

To easily access and organize discussion groups you are interested in, keep a list of discussion groups to which you are subscribed. When you open your groups server, Netscape Collabra automatically updates groups to which you subscribe on that server.

Use the Subscribe to Discussion Groups dialog box to list discussion groups available on from your current groups server. To open the Subscribe to Discussion Groups dialog box:

1. Open your Message Center by clicking Discussions on the component bar. The component bar is in the lower right corner of a Netscape Communicator window.
2. On the toolbar of your Message Center window, click Subscribe, which brings up the Subscribe to Discussion dialog box.

The Subscribe to Discussions dialog box enables you to list:

• All available discussion groups
• Discussion groups whose descriptions contain a keyword you specify
• Discussion groups created since you last listed available discussions

Click on one of the following to learn more about:

Using the List All Groups panel
Using the Search for Groups panel
Using the List New Groups panel

---

Listing All Available Discussion Groups

Use the List All Groups dialog to:

• Select news servers whose available discussion groups you want to inspect.
• Display all available discussion groups and subscribe to discussions whose entries you select from the list.

To use the List All Groups panel:

• To view an entry in the discussion list, in the Discussion Group field, type the name of the discussion whose entry you want to view.
• If you feel displaying the list is taking too long, click Stop, which stops your Discussions server from sending the remainder of the discussion group list.
• To make it easier to scan the list, click Collapse All, which collapses the list into types of discussion groups.
• To view the full hierarchy of discussion groups, click Expand All.
• To subscribe to the currently selected discussion:
• Click Subscribe.
• Or, click the checkbox on the right side of the discussion group's list entry.

Searching for Discussion Groups

To use the Search for a Discussion dialog to list available discussion groups whose descriptions contain a keyword you specify:

1. At Search for, enter a keyword that represents any part of a discussion name.
2. From the On Server menu, choose a server whose discussion groups you want to search.
3. Click Search Now.
4. After search results display, subscribe to a discussion whose name is listed by clicking the entry in the list, and:
• Click Subscribe.
• Or, click the checkbox on the right of the entry in the list.

Click OK to add the subscribed entries to your subscription list.

5. To cancel without saving changes to your subscription list, click Cancel.

---

Listing New Discussion Groups

Use the List All Newsgroups dialog to:

• Select news servers whose newly available discussion groups you want to inspect.
• Display all discussion groups newly available since the last time you listed available discussion groups.

---

Removing a Discussion Group from Your Subscription List

To remove a discussion group from your subscription list:

1. Open your Message Center by clicking Discussion Groups on the component bar. The component bar, when undetached, is in the lower right corner of any Netscape Communicator window.
2. In your subscription list, locate the entry for the discussion group you want to remove and click the checkbox on the right side of the entry. The checkbox of a discussion removed from your subscription list does not contain a check.

About Browsing Discussion Groups

To browse discussion groups with Netscape Collabra:

1. Open your groups server in your Message Center window.
2. Double-click on the name of a discussion group, which opens the discussion group in a Message List window.
3. Use the Message List window to:
• Select messages or threads and open them in messages windows.
• Or, use the Message List window's message panel to browse messages and threads.

Opening Your Subscription List and Updating Discussions

To open your Subscription list and update its discussion groups:

1. From the component bar, click Discussions. The component bar is in the lower right corner of Netscape Communicator windows.
2. To update your discussions:
• When you open your subscription list in a Message Center window, Netscape Collabra automatically updates your subscribed discussions.
• To update discussions at any time, on the toolbar, click Get New.

About Changing Discussion Group Properties (Windows only)

Learn what discussion group properties are and how to change them.

Discussion group properties are:

• Whether the discussion group accepts HTML messages
• How many discussion messages are downloaded and the criteria that decides which messages to download
• How many discussion messages are retained locally and the criteria that decide when to delete old messages

Set or change discussion group properties by using the Discussion Group Properties dialog box. To open the Discussion Group Properties dialog box:

1. From the list of subscribed discussion groups in the Message Center window, select the discussion group whose properties you want to change.
2. From the Edit menu of the Message Center window, choose Discussion Group Properties.

Setting General Discussion Group Properties (Windows only)

Use the General panel to obtain status information about the selected discussion group and to select whether the discussion group accepts HTML messages.

When when you uncheck the HTML messages checkbox, you cannot post HTML messages to the selected discussion group nor any groups that contain it. For example, if you uncheck HTML messages for the discussion group mcom.jellybeans.lime, you cannot post HTML messages to mcom.jellybeans.

Collabra converts to plain-text any HTML messages you post to groups that do not accept HTML.

Setting Discussion Group Properties for Downloading

Use the Download Options panel to:

• Specify a discussion group to download when you switch to offline mode.
• Which messages to download from the selected group.
• Click Download Now to download discussion messages according to your current settings.

Details

If you select to use default settings from preferences, Collabra uses settings in the Groups Server panel of Mail & Groups Preferences.

Setting Discussion Group Properties Concerning Disk Usage

When you download discussion groups to work offline, your local disk can fill up quickly. Use the Disk Space panel to help you keep disk usage at a manageable level.

About More Disk Space Options

When you remove message bodies, you still retain the message headers that appear in the Message List window. However, you can only retrieve the message when you connect to your groups server and if the message still resides on your groups server.

About Posting Collabra Messages

Learn about the different ways you can contribute to a discussion group.

You can contribute to a discussion in the following ways:

• Start a new thread by posting a new message
• Contribute to an existing thread by replying to the discussion group
• Reply to contributors individually, instead of posting to the discussion group itself

Starting a New Thread

To post a new message to a discussion:

1. Choose whether you want to send plain-text or rich-text.
2. Choose whether you want to:
• Post a response to a message or contribute to an existing thread.
• Or, start a new thread.
3. Use the Compose window to compose and post your message.

Contributing to a Thread or Posting a Response

To contribute to a Collabra thread or to post a response to a Collabra messages:

1. Ensure the thread you are contributing to or the message you are responding to is open in a Message List or Message window.
2. Select whether you want to reply by mail to the author of the original message, or whether you want to post your response to a discussion:
• To mail a response only to your recipient, click Reply and select Reply to Sender Only (Windows) or To Sender Only (Mac OS).

To post a response to discussions listed in the original message,

• click Reply and select Reply to Group (Windows) or To Discussion (MacOS).
3. Use the Compose window to check the address list, quote the original message text, and compose and send your message.

Details

When you reply or respond to a Collabra message:

• If replying by mail, your response is automatically addressed to recipients listed in the Reply to header of the original message.
• If posting a response to a discussion group, your response is automatically addresses to discussions listed in the Post to header of the original message.

In either case, ensure your reply is correctly addressed. Check the addresses in the address list and delete addresses and names of discussions that are not familiar to you. Use the Address Area to add or edit addresses, if you need to.

To include the original message in your reply, click Quote, which is on the Compose window toolbar. When you include the original message, it is included as an attachment, so you can see an entry in the attachments area, but you do not see the message in the composition area.

Compose your response in the composition area. If you are composing in HTML, use the Composer application tools.

To send the message, click Send Now,which is on the Composition window toolbar.

Downloading Discussion Groups for Offline Browsing

Learn how to download discussion groups so you can disconnect from your network and still be able to browse discussions.

To select discussion groups to download:

1. Open your Message Center by clicking Discussion Groups on the component bar.
2. From your Message Center, select a groups server by clicking it once.
3. From the File menu, choose Go Offline.
4. In the Download dialog box, click the checkbox Download Discussion Groups.
5. Click Select Items For Downloading to bring up the Discussion Groups dialog box, which enables you to choose which groups you want to download.
6. Click Go Offline to download your selection and disconnect from your network.

What's Next?

Selecting Groups to Download

Selecting Discussion Groups to Download

Use the Discussion Groups dialog to select groups you want to download and browse offline.

• To select a discussion group for downloading, click the check on the right of the discussion group's name in the list.
• To choose which messages in your selection are downloaded, set discussion group properties for the selected group.

See Also

Changing Discussion Group Properties

About Groups Servers, Preferences, and Properties

Learn how Collabra organizes servers and understanding groups server preferences and properties.

When you open your Message Center and have preferences set for your groups server, the Message Center displays this server as your primary groups server. Because not all groups servers offer identical lists of discussion groups, you may have access to more than one groups server. If you have access to more than one groups server, your Message Center can list them all, so you can easily switch servers by clicking on a server name.

Click one of the following topics to learn about:

Setting Preferences for Your Primary Groups Server (Windows only)

Changing Preferences for Your Primary Groups Server

Adding a Groups Server

Changing Preferences for Additional Groups Servers (Windows only)

Changing Groups Server Preferences for Your Primary Server

Learn to use Mail & Groups Preferences' Groups Server panel to change settings for accessing your primary groups server.

To open the Groups Server preferences panel:

1. From the Edit menu of any Communicator window, choose Preferences.
2. In the list on the left side of the Preferences dialog box, open the Mail & Groups list, then click Groups Server.

Using the Groups Server Preferences Dialog

Use the Groups Server preferences panel to provide information necessary to list, subscribe to, and update discussion groups:

1. Enter the name of your groups server.
2. If you are using PC or UNIX versions of Netscape Communicator, click Choose and choose a local directory where your news server can download Collabra messages.
3. To change other preferences, click a category on the left. Click OK to close Preferences.

Details

Ensure you have the correct host name supplied for news (NNTP) host. Your NNTP host is the computer that handles your news feed. If you do not know the name of your groups server, contact your system administrator or your Internet Service Provider, and ask for the name. Example: news

If you are using Netscape Communicator on a PC or Unix workstation, provide the path name of a local directory where your news server can download news updates. Example: C:\Program Files\Netscape\Communicator\News

If you are using Netscape Communicator on a Macintosh, you do not need to provide the name of a news directory.

Adding a Groups Server to Your Selection of Servers

Learn how to add a discussion groups server to your Message Center's list of groups servers.

To add a groups server to your selection of groups servers, use the Add Groups Server dialog box. There are two ways to open the New Groups Server dialog:

• From your Message Center window:
1. Ensure a groups server is selected in the groups servers list.
2. From the File menu, choose Add Server.
• From the List All Groups panel of the Subscribe to Discussion Groups dialog box, click Add Server.

Using the New Groups Server Dialog Box

Use the New Groups Server dialog to add a groups server to your selection of servers you can use to subscribe to and browse discussion groups.

If you do not know the name of the server, obtain from your system administrator or help desk the name as well as the port number of the server. Use the New Groups Server dialog to provide this information.

About Changing Group Server Properties (Windows only)

Learn how what server properties are and how to change them.

Groups server properties are:

• Whether the a user name and password are required
• Whether the server accepts HTML messages

To change properties associated with a groups server use the Groups Server Properties dialog box. To open the Groups Server Properties dialog box:

1. From your list of groups servers in your Message Center window, select the groups server whose properties you want to change.
2. From the Message Center's Edit menu, choose Discussion Group Server Properties

Setting Discussion Server Properties (Windows only)

Use the Discussion Groups Server Properties dialog to gather information about the current server, to set access options, and to record whether the server accepts HTML messages.

Require your user name and password to add an extra level of security when accessing your discussion groups. When you set this option, Collabra requires your user name and password when you first open the selected server.

About Security

Learn how to make it more difficult for unauthorized persons to access your system and correspondences.

To make it more difficult for unauthorized persons to interfere with your day-to-day communications and access your system, follow these steps:

1. Familiarize yourself basic concepts and terms concerning electronic security.
2. Know how to choose a good password and require a password for any Communicator task that accesses your certificates.
3. Obtain a certificate for yourself.
4. Use the Security Info window to set Navigator preferences for browsing encrypted web pages.
5. Use the Security Info window to set Messenger preferences for encrypting and digitally signing email messages.
6. Use the Security Info window to set Java/JavaScript access preferences. The Security Info window's Java/JavaScript preferences include defaults for choosing levels of access you are willing to grant to Java applets and JavaScript scripts, which web sites can run on your computer.
7. Collect certificates from all those with whom you wish to have encrypted correspondence.

Click one of the following topics to learn more about:

Concepts and Terms Concerning Encryption, Digital Signatures, and More

About Security Terms and Concepts

This section describes terms and concepts you must know in order to make your system and correspondence more secure.

About Electronic Security

Electronic security requires that

• No unauthorized person can access data transmitted to or from you.
• No unauthorized person can, without detection, forge your identity or the identity of anyone whose certificate you hold.
• No unauthorized Java applet can access your computer, and authorized Java applets can only access your computer to an extent to which you approve.

While you cannot always ensure your communications are secure, you can use certificates, encryption, and the Security Info window to make it less likely you or others compromise security.

About Certificates and Digital Signatures

A certificate is an tamper-resistant file that identifies the individual to whom it is issued and that provides you with tools so you can better secure communications with others.

A certificate's contents depend on level of certificate it is. A basic certificate contains:

• The name the owner gave the signing authority.
• A digital signature unique to the owner
• A public key to match the owner's private key
• A signature from the signing authority that issued the certificate.

You collect and distribute certificates when you send and receive signed messages.

About Encryption

Encryption is scrambling information through the use of a public key, which is included in a certificate you collect from a correspondent.

When you encrypt an outgoing message, you use your recipient's public key to scramble the message in such a way that only your intended recipients, can unscramble the message. Specifically, a recipient's certificate contains a public key.

A correspondent uses your certificate in the same way when encrypting messages to you. You cannot read an encrypted message or display an encrypted web page without decrypting it.

To encrypt a message, you must have a valid certificate from each and every recipient in the message's address list. You cannot encrypt the message for only selected recipients.

About Decryption

Decryption is unscrambling encrypted information transmitted to you.

When you open an encrypted message or connect to an encrypted web page, you use your private key to decrypt and display the message or web page contents.

You cannot read an encrypted message or display an encrypted web page without decrypting it. You cannot decrypt messages or web pages:

• encrypted with a certificate other than the one matching the one you own
• on computers other than the one you used to obtain your certificate (unless you export your certificate from your original computer and import it into the computer you are currently using)
• after the expiration date shown on your certificate

Keep your certificates and computer safe. Anyone accessing your certificates or key database on your computer can decrypt your messages and sign outgoing messages.

About Public and Private Keys

When you obtain your certificate for a signing authority, you generate public and private keys:

• A private key is an decryption code Communicator generates when you obtain a certificate from an certificate issuer (signing authority). Communicator stores your private key in your key database and uses it to decrypt information encrypted with your public key.
• A public key is an encryption code Communicator generates and stores in your key database and includes it with your digital signature when you sign an outgoing message or some other object you can sign and send. Whomever receives and stores your public key can encrypt and send information to you.

About Certificate Signers

Certificate signers are the companies or organizations that issue and authorize certificates. You can use the Security Info window to contact signers of certificates you hold. You can contact signers when you need to obtain a certificate for yourself, update certificates, and validate certificates.

Use the Signers,Certificate panel to view a list of certificate issuers you can contact.

About Encrypted Web Pages

A server can encrypt a web page when transmitting the page data to your browser. Your browser decrypts the message just before displaying it for you. After receiving, decrypting, and viewing the page, it resides on your computer in its unencrypted form.

Use the Navigator panel to configure your defaults for accessing encrypted web pages.

Use the Security Info panel to display information about an encrypted web page you are connecting to.

Use the Web Sites Certificates panel to display information about certificates you have already accepted from Web sites.

About Encrypted Messages

Your Inbox receives and stores encrypted messages in their encrypted state. You decrypt messages only when you open them.

Follow these rules in order to keep access to your messages uninterrupted:

• Ensure you own a valid certificate.
• Ensure recipients have your updated certificate.
• Do not move your certificate from the computer used to obtain your certificate, unless you export your certificate to other computers you use, and import the certificate from each of those computers.
• Do not forget your password.
• Be prompt in updating expired certificates.

Use the Messenger panel to configure your defaults for digitally signing and encrypting outgoing messages.

About Signed Java Applets

Some web pages make available a special type of program called a Java Applet. You may need to use a Java Applet in order to make use of an online service. Java Applets, like email messages and web pages, can carry and deliver a certificate, which can help you in deciding whether you want to use an applet and give it access to your computer.

Use the Java Applets panel to set levels of access you are willing to grant Java Applets.

Use the Software Developers Certificates panel to display certificates you have already collected from Java Applets.

Use the Security Info panel to display information about an applet when it requests access to your computer.

Introduction to Security Info

Check the security status of your current task by using the Security Info window:

1. From any Communicator window, click Security Info on the toolbar, which brings up the Security Info window.
2. In the left frame of the Security Info window, click Security Info. The right frame of the Security Info window displays information about your most recent task.

General Status Information (No Active Status)

The Security Info panel displays the status of a certificate-based task that is currently in progress. Certificate-based tasks are:

• Encrypting or digitally signing an outgoing email message
• Decrypting or checking the digital signature on an incoming email message
• Loading an encrypted web page
• Accessing a Java Applet that requests access to your computer

Some Security Information panel messages require you to make a decision and provide input, while other panel messages report the success or failure of a task.

Your Current Outgoing Message

The status of your outgoing message can be only one of the following:

• Unencrypted and unsigned
• Encrypted but not signed
• Signed but not encrypted
• Encrypted and signed

In most cases, you probably want your outgoing message to be both encrypted and signed:

• To encrypt your message, you must obtain a valid certificate from each and every recipient in the address list. You cannot encrypt the message if your address list contains the name of a discussion group or the name of a mailing list.
• To sign your message, you must obtain a valid certificate for yourself.

You cannot encrypt your message or add your digital signature

You cannot encrypt nor digitally sign messages on any computer but the one to which your certificates were issued. If you are using a computer other than the one you used when you obtained your certificates, you must contact your certificate issuer and obtain a new certificate for the computer you are now using, or use export and import certificate features, which are available through the Security Info window.

You cannot encrypt a message

Check your address list. You cannot encrypt your message to any of your recipients if even one recipient has failed to distribute a valid certificate.

Update recipients' certificates. To update certificates you've collected from others, use the Certificates panel. Under Certificates, click People.

You can also use the Signers panel to update your recipients' certificates. Your recipients may all have valid certificates, but may not have distributed them recently. signers can update all certificates of the types they distribute, and do so upon request.

You cannot add your digital signature

Check your own certificates and update them with their signers. You cannot add your digital signature unless you have a valid certificate.

Your Current Incoming Message

You cannot decrypt a message

You cannot decrypt messages on any computer but the one to which your certificates were issued, unless you export your certificates. If you are using a computer other than the one you used when you obtained your certificates, you must import the certificates you've exported from the original computer.

Update your personal certificate. If you are using the original computer on which your expired certificate was issued, after contacting the certificate issuer, you can regenerate a valid private key and can then decrypt your current messages.

The Encrypted Web Page You Are Loading

Warning about unencrypted files in your disk cache

Warning: Once the Browser Window displays an encrypted page, your disk cache retains an unencrypted copy of the page in an unencrypted form. Anyone having access to your Netscape disk cache can view the contents of the page.

You cannot decrypt and display the page

You cannot decrypt messages on any computer but the one to which your certificates were issued. If you are using a computer other than the one you used when you obtained your certificates, you must contact your certificate issuer and obtain a new certificate for the computer you are now using.

To decrypt your current messages, you must use your original computer, or use certificate export and import features of the Security Info window.

Update your personal certificate. If you are using the original computer on which your expired certificate was issued, after contacting the certificate issuer, you can regenerate a valid private key and can then decrypt the web page.

About Passwords for Your Certificates

You can set a password that Netscape Communicator requires before enabling access to your collection of certificates.

To set or alter your password:

1. Open the Security Info Window, from any Communicator window, open the Communicator menu and choose Security Info.
2. From the Security Info Window, in the table of contents on the left, click Your Password.

You do not have a password for your certificates

Set a password for access to your certificates. This helps to ensure that others using this computer and software installation cannot use your certificates without your knowledge.

Choosing a Good Password

When choosing a password follow these guidelines, which make it difficult for your password to be guessed by a password-cracking program:

• Use at least six characters.
• Use a mix of upper and lower case characters, numbers, and at least one nonalphabetic symbol.
• Do not use any word found in any language dictionary, and do not add a numeric or symbolic prefix or suffix to a dictionary word in order to disguise it.
• Do not use any word that makes up part of your personal identification, such as your phone number or an ID number.
• Never write out your password in a file on a computer or on paper.
• Never forget your password. You cannot decrypt information without your password.

You already have a password

The software installation on this computer already has password-protected certificates for your user name. You cannot set a new password, if you do not know your existing password.

If someone set up your account for you, you must obtain your password from that person.

If you forget your password

If you set your own password and have forgotten it, you cannot access your certificates or decrypt your messages. Your certificate issuer cannot provide you a replacement certificate, so you must obtain new certificates. Because you cannot access your certificates without your password, any encrypted messages you saved in your Inbox and other message folder cannot be decrypted.

Suggestions:

• Ensure you do not have caps lock enabled on your keyboard.
• Contact your recipients and let them know that you may need them to resend important information.

Warning Concerning Forwarding a Decrypted Message

If you attempt to forward a decrypted message without first encrypting it, Messenger reminds you to encrypt it, unless you have explicitly turned off encryption from the composition window.

Warning Concerning Possible Message Tampering

A warning about message tampering comes up only when an incoming message has been altered in some way after it was sent. Alteration of the original message content can be due to corruption due to mishandling or to interception and forgery.

Suggestions:

Return the tampered message to its sender. Contact the sender to let them know you are having problems with encrypted or signed messages they are sending.

Contact your system administrator or help desk to report the incident and to inquire about procedures they may have in place.

Warning Concerning A Document Consisting of Both Encrypted and Unencrypted Parts

A warning about messages with mixed encryption only comes up when you access a document that is encrypted, but contains unencrypted parts. If you do not feel that your system is secure, you may not want to open a document that contains unencrypted parts.

---

Warning Concerning Failure to Encrypt Message

Suggestions:

Check your address list. You cannot encrypt your message to any of your recipients if even one recipient has failed to distribute a valid certificate.

Update recipients' certificates. To update certificates you've collected from others, use the Certificates panel. Under Certificates, click People.

You can also use the Signers panel to update your recipients' certificates. Your recipients may all have valid certificates, but may not have distributed them recently. signers can update all certificates of the types they distribute, and do so upon request.

---

Warning about unencrypted files in your disk cache

Warning: Once the Browser Window displays an encrypted page, your disk cache retains an unencrypted copy of the page in an unencrypted form. Anyone having access to your Netscape disk cache can view the contents of the page.

About Navigator Security Settings

The following sections detail why you might want to enable warnings from Navigator:

Entering an encrypted site:

You need to be aware that the pages you are accessing are encrypted. Because the pages are decrypted without your intervention, you may want notification to remind you that you must clean up or secure downloaded files upon completion of your session.

Leaving an encrypted site:

You may want this as a reminder when to remove decrypted files left on your local drive. Web pages are only encrypted during transmission from the web page server to your browser. Files in your cache or file you may have saved to disk are not encrypted.

Viewing a page with an encrypted/unencrypted mix:

You may want this as a reminder to consult the Security Info panel, which identifies files encrypted during transmission.

Sending unencrypted information to a site:

You may want this as a reminder to help to prevent you from submitting unencrypted forms or information that you may not realize is submitted through email.

Certificate to identify you

This includes your digital signature. If you have multiple certificates of your own, you can choose which you want to send to a web server. Some web sites may only accept certificates from specific signers or certificates exceeding particular grade. If you frequently transact with multiple sites that have conflicting requirements, set Ask Every Time.

About Messenger Security Settings

The following sections detail why you might want to enable warnings from Messenger:

Sending an unencrypted reply:

You may not always need to encrypt replies. Because replies often contain contents from the original message, and because it is easy to overlook message decryption, it's advisable to set this option.

Always encrypt mail messages:

You can prevent the unfortunate event of overlooking encryption by setting this option. Even though you take the chance that your recipient may not be able to decrypt your message (in the event your recipient neglects to remember a password, import certificates when using a computer infrequently used, or keep certificates updated), the repercussions of neglecting encryption can be much more severe.

Always sign mail messages:

Unless attaching your digital signature is causing problems for your recipients, it is highly recommended that you set this option. When you attach your digital signature, it enables your recipients to encrypt replies to you.

Always sign discussion (news) messages:

Because readers and administrators of Usenet news are often concerned about posting extraneous material, such as adding your certificate when you digitally sign a posting, you may not want to set this option.

Set Always sign discussion messages if you post to Intranet discussions, such as discussions hosted by your site. Signing discussion messages is an effective way to distribute your certificate.

Certificate for your Encrypted Messages

This contains your digital signature. If you own multiple certificates, you can choose which you want to send to recipients when you sign messages. Some recipients may only accept certificates from specific signers or certificates exceeding particular grade. If recipients are not particular concerning which certificate you use when signing messages, you may want to use a certificate having the longest period of validity.

Advanced S/MIME Configuration

Click Select S/MIME Ciphers to indicate types of ciphers you prefer a correspondent uses when encrypting and sending a message to you. Your enabled ciphers are included in signed, outgoing messages. However, this does not prevent a correspondent from encrypting a message to you with a type of cipher you have disabled.

About Settings for Java Applets

Use the Java Applets panel to view, remove, and edit access privileges for Java applets signed with a certificate issued by the signer listed in the list box.

To use the Java Applets panel:

1. Select a signer in the list.
2. Click one of the following buttons:
• View Certificate displays all the information contained in the certificate the signer uses to sign certificates they issue. This can help you to authenticate whether a certificate was issued by a the selected signer.
• Remove denies all access privileges to all Java applets signed by the signer you've selected.
• Edit Privileges enables you to customize privileges for all Java applets signed by the signer you've selected. When you click Edit Privileges the Java Applet dialog box comes up.

Using the Java Security Dialog Box to Set Java Applet Access Levels

Use the Java Security dialog box to grant or deny the access it describes:

• To grant the access described, click Grant.
• To deny the access described, click Deny.
• To make Communicator remember your decision indefinitely, click the checkbox.

If you don't choose to have Communicator remember this decision, the next time Java software signed by this entity requests access, Communicator displays this dialog box again.

If you select to remember your decision each time you start Communicator, Communicator always allows Java software signed by this entity to have this kind of access.

The Java Security dialog box provides information to help you make your decision:

• To view the certificate used to sign the Java applet or JavaScript script, click View.
• The description of Low, Medium, and High risk can give you a rough idea of the degree of risk involved in granting access .
• The text box displays a short description of the kind of access the applet requests. For a more detailed description, click Details.

Netscape provides risk level categories High, Medium, and Low as guidelines only. You may have a different opinion about the degree of risk access entails. Be sure to click Details and exactly what types of access are involved and make your own decision.

• High risk. A major security attack is possible, permitting severe damage to your system or data. Major violation of privacy is possible, such as reading any information from hard disks connected to your computer. Very significant services may be requested, such as establishing a connection over the network to a remote computer.
• Medium risk. Major violation of privacy is possible, such as reading any information from a hard disk connected to your computer. Some significant services may be requested, such as writing files on a hard disk or sending email on your behalf.
• Low risk. Minor violation of privacy is possible, such as reading your user ID. Relatively minor services may be requested, such as writing a single file to a specified noncritical directory on a hard disk connected to your computer.

Using the Java Security Target Details Dialog Box

Use the Java Security Target Details Dialog Box to get detailed information about the kind of access a Java applet or JavaScript script is requesting:

• The upper text box displays a detailed description of the requested access.
• The lower text box displays descriptions of the individual kinds of access the requested access includes (if it includes more than one kind of access).

The risk level categories High, Medium, and Low are provided by Netscape as guidelines only. You may have a different opinion about the level of risk this kind of access entails. Be sure to read the description of the access requested and make your own decision.

Netscape's current classification system is based on these categories:

• High risk. A major security attack is possible, permitting severe damage to your system or data. Major violation of privacy is possible, such as reading any information from hard disks connected to your computer. Very significant services may be requested, such as establishing a connection over the network to a remote computer.
• Medium risk. Major violation of privacy is possible, such as reading any information from a hard disk connected to your computer. Some significant services may be requested, such as writing files on a hard disk or sending email on your behalf.
• Low risk. Minor violation of privacy is possible, such as reading your user ID. Relatively minor services may be requested, such as writing a single file to a specified noncritical directory on a hard disk connected to your computer.

About Certificates

You can obtain your own certificate by contacting a signing authority. You obtain certificates from others by opening a message from them, by accessing their web pages, and by allowing their Java applets access to your computer.

About Your Own Certificates

To obtain a certificate for yourself, click Get Certificate. When you click Get Certificate Netscape Navigator connects to a signing authority. Through the signing authority, you obtain a certificate and generate keys.

To use your certificate on a computer other than the one you used to obtain the certificate, you must export the certificate. To export a certificate, select it in the certificates list, then click Export.

About Certificates from Others

The People certificates panel lists certificates you've collected from email messages. All the certificates listed in the certificate list were sent to you in email messages. Use this list to verify, view, or delete certificates in the list.

Verifing a certificate is when you ensure it was issued by signing authority the certificate claims. Select the certificate you want to verify, then click Verify.

Certificates Collected from Web Pages

When you connect to a web site offering an encrypted web page, you collect a certificate from the site. This is a list of all the site certificates you've collected.

Certificates Collected from Java Applets

When you accept the use of a signed Java applet, you collect a certificate from the applet requesting access. This is a list of all the certificates you've collected.

About Certificate Signers

This is a list of all the organizations who have issued certificates you've either collected or own. Click on the name of the organization in order to select it. You can then verify all certificates by the selected issuer or obtain more information about the selected issuer.

About Cryptographic Modules

Cryptographic Modules are loadable pieces of software that provide a function of cryptographic services, such as:

• Smart card support (including PCMCIA smart cards and disk-based smart cards)
• Specialized key distribution schemes, such as entrust
• Hardware-accelerated cryptography (currently unavailable)
• New ciphers (currently unavailable)
• FIPS-compliancy