===============================
ENTRUST TECHNOLOGIES LIMITED
===============================

Release notes for Entrust/Direct(TM)
Date: June 16, 2000
Release: 5.0.1, Commercial, Service Pack 4

Thank you for your interest in Entrust/Direct. This product is subject to the terms detailed in the license agreement.

For more information about Entrust products, please visit our Web site at http://www.entrust.com.

===================
System requirements
===================

- Pentium-class processor
- 16 MB RAM (32 recommended)
- 2.6 MB available disk space (depending on configuration), plus 6 MB temporary free space needed for the installation
- Microsoft(R) Windows(R) 95 with Service Pack 1 (950a), OSR 2 (950b), or OSR 2.5 (950c), Windows 98, Windows 2000, Windows NT(R) 4.0 with Service Pack 3 or higher
- An Entrust profile created using Entrust/PKI(TM) 4.0 or higher
- A proxy-capable Web browser. The Entrust/Direct client for Windows 95/98/2000 and Windows NT 4.0 supports the following browsers:
	- Netscape(R) Communicator 4.01, 4.04, 4.05, 4.07, 4.08, 4.5, 4.6.x, and 4.7
	- Microsoft Internet Explorer 4.0, 4.01, 5.0, and 5.01

===========================
What's new in this release?
===========================

Entrust/Direct now properly configures and restores proxy settings when using Microsoft Internet Explorer 4.0.

If you are using Microsoft Internet Explorer 5.0, you can now establish a dial-up session after launching Entrust/Direct. Entrust/Direct now dynamically detects the current dial-up setting and modifies your proxies accordingly.

Improved support for loading graphics-intensive web pages under Windows 2000.

Entrust/Direct now supports the IDEA encryption algorithm.

Entrust/Direct no longer requires the Authorization code to be entered in the form XXXX-XXXX-XXXX.

Entrust/Direct now saves the etdirect.tmp temporary file in the Direct directory, regardless of the directory it was launched from.

Entrust/Direct now prints the browser's chainProxy value into the Entrust/Direct diagnostic log.

The diagnostic tool now checks to see if the etdrxres.dll file exists.  If there is no etdrxres.dll, the diagnostic tool displays an error message and exits.

The diagnostic tool is disabled if the etdrx.exe file is missing from the Direct directory.

The diagnostic tool has been enhanced to check the dates and version numbers of all files in the same folder as the Direct executable file.

The message decryption client can now work offline.  It displays the warning "The public directory is unavailable." and continues to decrypt the message after the OK button is clicked.

Entrust/Direct can now correctly modify Netscape browser settings when extended characters are in the profile path.

The message encryption client can now encrypt messages larger than 24 Kb.

===========================
In 5.0
===========================

You can now log in to Entrust/Direct using a "roaming" profile. This is using Entrust/Entelligence in an "Intranet" mode.

Entrust/Direct can be configured to communicate with Entrust/PKI indirectly through the Entrust/Direct Web server proxy.

There is an Entrust/Direct QuickStart Guide so users can get up and running quickly. Make sure your printer settings are set to legal and double-sided on the short side when printing.

In 4.0c
=======

You can now connect to Entrust/Direct-protected sites through firewalls configured to use proxy authentication.

Entrust/Direct now reads the browser's proxy settings before the browser is launched. As a result, you will be able to create a profile through the Welcome dialog box even if Entrust/Direct is set up to communicate with Entrust/PKI through a proxy.

Entrust/Direct can now use customized HTTP headers for the secure data it sends to Entrust/Direct-protected Web sites.

In 4.0b1
========

For IE 5.0: Entrust/Direct will now automatically use dial-up networking accounts set up through Dial-Up Networking. In Entrust/Direct 4.0b, you had to confirm your dial-up settings through the browser (click View > Internet Options > Connection > Settings.., and then click OK) before using Entrust/Direct.

Entrust/Direct now fully supports Netscape Communicator 4.5.x.

In 4.0b
=======

Entrust/Direct can now be used with Internet Explorer 5.0.

Entrust/Direct will now restore the browser settings if the computer is rebooted while Entrust/Direct is running.

Entrust/Direct can now use the DSA algorithm for signing data.

In 4.0a
=======

Entrust/Direct will no longer present you with two login dialogs when you log in using a hardware token.

The performance of Entrust/Direct has been improved.

The digital signing capabilities of Entrust/Direct have been enhanced.

In 4.0
======

Entrust/Direct can now be run without displaying the Entrust/Direct main window or launching the default browser. In this mode, Entrust/Direct will become active automatically when you visit an Entrust/Direct-protected Web site. Contact your Entrust Administrator for more information.

Entrust/Direct now supports the Entrust single login application that is installed with Entrust/Entelligence.

============
Known issues
============

If you are using AOL as your Internet connection, you must sign-in to AOL before launching Entrust/Direct.

If you create a profile with Entrust/Direct and then attempt to log in through the Entrust single login application (installed with Entrust/Entelligence), you will be warned that you have chosen an invalid encryption algorithm. To prevent this from happening, right-click the Entrust icon (not the Entrust/Direct icon) in the Windows tray, click Entrust Options, click the Security tab, select an encryption algorithm in the Entrust encryption algorithm drop-down list, and click OK.

If you are using an old version of some browsers you may have to manually select the application to associate with the extension ".etd" or the MIME (Multipurpose Internet Mail Extension) type "application/x-Entrust-Direct".

If you see an error message that lists the reason for the error as "Illegal HTTP header received", please inform your Entrust/Direct Administrator. The Administrator will likely have to upgrade the server component of Entrust/Direct.

If you are using Windows 98 or 2000, you may need to select the Entrust/Direct log-in dialog before entering your password if the dialog appears after a timeout occurs or after reloading a secure web page.

Support for Netscape Mission Control support requires co-ordination with your Mission Control administrator.  If your browser is configured using Mission Control and you have problems connecting to an Entrust/Direct-protected Web site, please consult your system administrator.

In Microsoft Internet Explorer, it is possible to set the browser preferences to "bypass proxy server for local addresses".  If you select this setting, Entrust/Direct will not be able to access Entrust/Direct-protected Web sites within your intranet.

We strongly recommend that all Microsoft security patches be installed. These are available at:
http://windowsupdate.microsoft.com

If your default browser is Netscape Communicator and your browser is running when you launch Entrust/Direct, you will be prompted to have your browser shut down and restarted. Do not attempt to start another instance of the browser yourself until Entrust/Direct has finished shutting down the current browser instance and restarting it. If you start a new instance of your default browser before Entrust/Direct has finished, Entrust/Direct may not have a chance to update the browser's proxy settings. As a result, that browser instance would not be able to access Entrust/Direct-protected Web sites.  If your default browser is not Netscape Communicator and it is already running when you launch Entrust/Direct, the browser windows opened before Entrust/Direct was launched will not be able to access Entrust/Direct-protected Web sites. Only instances of your default browser opened after Entrust/Direct is launched will be able to access Entrust/Direct-protected Web sites.

If you access any outside web site without Entrust/Direct but you can't access it with Entrust/Direct and instead you see a Username/Password prompt, you may have a problem with NT authentication which is not supported by Entrust/Direct. Contact your Entrust/Direct administrator.

It is recommended that you uninstall older versions of Entrust/Direct before installing Entrust/Direct 5.0.

ActivCard smartcard is not compatible with Entrust/Direct 5.0.1, resulting in an error during profile creation and during online profile login when using the Entrust Single Login feature. A software patch release is expected to be issued from ActivCard in the near future to correct this problem.

==================
Installation notes
==================

Double-click the Entrust/Direct installation icon (or run setup.exe) and follow the on-screen instructions.

=============
Documentation
=============

Please read the online documentation for more information.

=====================
Trademark information
=====================

Entrust is a trademark of Entrust Technologies Inc. in certain countries. Entrust is a registered trademark of Entrust Technologies Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Technologies Limited. All Entrust product names are trademarks of Entrust Technologies. All other company and product names are trademarks of their respective owners.
