Bugtraq mailing list archives

Re: SSL message broken

From: perry () piermont com (Perry E. Metzger)
Date: Thu, 17 Aug 1995 23:32:13 -0400


"Mark (Mookie)" writes:

Repercussions: Well, let me say this... Actual repercussions are up to
the reader. Well's Fargo has just started allowing account manipulations
via Netscape and a secure server.


There are only limited repercussions, the SSL that was broken was the 40
bit key exportable version that NetScape are forced to sell to non US
citizens. The domestic version uses 128 bit keys and so is virtually
impossible to break.


You haven't been looking, have you. The "domestic" version that 99% of
the public gets is the export version because they can't make the
"domestic" version available for download -- its only available for
sale. Almost every person using Netscape uses the "export" version.

Normal SSL is fine,


Actually, I have my doubts on that too....

Perry

Current thread:

SSL message broken That Whispering Wolf... (Aug 16)
- Re: SSL message broken Mark (Aug 17)
  - Re: SSL message broken That Whispering Wolf... (Aug 17)
  - Re: SSL message broken Perry E. Metzger (Aug 17)
  - CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
    - Re: CERT Alert on new sendmail bug - any info? Tom Fitzgerald (Aug 18)
    - Re: CERT Alert on new sendmail bug - any info? Karl Strickland (Aug 18)
    - Re: CERT Alert on new sendmail bug - any info? Ben Golding (Aug 20)
    - Re: CERT Alert on new sendmail bug - any info? Neil Woods (Aug 18)
    - Re: CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
  - Re: SSL message broken Scott McClung (Aug 18)