Bugtraq mailing list archives

Re: SSL message broken


From: elfchief () lupine org (That Whispering Wolf...)
Date: Thu, 17 Aug 1995 20:16:48 -0700


Normal SSL is fine, the exportable version has been crippled and thus you
are at risk of someone with access to significant computing power. If the
SSL connections were allowed to be conducted with full security then there
would not be a problem.

How many people do you know that use the non-exportable version of
Netscape?

A quick check with about 50 people (aren't online games neat?) that use
Netscape indicates that 45 or so of them don't even know that any other
version than the one on the FTP site (exportable) exists, and none of the
remainder actually have possession of the more secure version.

Though there is a properly secure version, the 40-bit-key version is the
de-facto standard on the net right now... Which means that basically ANYONE
that's trying to base secure transactions on Netscape and SSL is at risk.

IMHO, of course.

                                                                        -WW


