Bugtraq mailing list archives
Re: SSL message broken
From: elfchief () lupine org (That Whispering Wolf...)
Date: Thu, 17 Aug 1995 20:16:48 -0700
Normal SSL is fine, the exportable version has been crippled and thus you are at risk of someone with access to significant computing power. If the SSL connections were allowed to be conducted with full security then there would not be a problem.
How many people do you know that use the non-exportable version of Netscape? A quick check with about 50 people (aren't online games neat?) that use Netscape indicates that 45 or so of them don't even know that any other version than the one on the FTP site (exportable) exists, and none of the remainder actually have posession of the more secure version. Though there is a propperly secure version, the 40-bit-key version is the de-facto standard on the net right now... Which means that basically ANYONE that's trying to base secure transactions on netscape and SSL is at risk. IMHO, of course. -WW
Current thread:
- SSL message broken That Whispering Wolf... (Aug 16)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken That Whispering Wolf... (Aug 17)
- Re: SSL message broken Perry E. Metzger (Aug 17)
- CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Tom Fitzgerald (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Karl Strickland (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Ben Golding (Aug 20)
- Re: CERT Alert on new sendmail bug - any info? Neil Woods (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken Scott McClung (Aug 18)