Re: Is SSL dead?

1999-10-08 Thread Steve Reid
On Wed, Oct 06, 1999 at 06:28:45PM -0700, Greg Broiles wrote: This deserves further explanation. In order to begin an SSL session, the server must present its public key and its site certificate to the client. I think you're missing the point of the article. The issue is, what happens when

RE: Is SSL dead?

1999-10-08 Thread Bill Stewart
At 04:35 PM 10/6/99 , Phillip Hallam-Baker wrote: This is a problem with SSL 2.0 first discovered by Simon Spero then at EIT. It was fixed in SSL 3.0, that must be almost three years ago. The server certificate now binds the public key to a specific Web server address. That means that you can

Re: Is SSL dead?

1999-10-08 Thread EKR
Bill Stewart [EMAIL PROTECTED] writes: At 04:35 PM 10/6/99 , Phillip Hallam-Baker wrote: This is a problem with SSL 2.0 first discovered by Simon Spero then at EIT. It was fixed in SSL 3.0, that must be almost three years ago. The server certificate now binds the public key to a specific Web

Re: Is SSL dead?

1999-10-08 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Bill Stewart writes: At 04:35 PM 10/6/99 , Phillip Hallam-Baker wrote: That means that you can only succeed against web-users whose browsers still accept SSL2.0, which is most Netscape users by default; I don't know if IE also defaults to that, but it probably

Is SSL dead? (was Re: ECARM NEWS for October 06,1999 Second Ed.)

1999-10-07 Thread Robert Hettinga
At 2:00 PM -0400 on 10/6/99, [EMAIL PROTECTED] wrote: Title: Special Kurt's Closet: Is SSL dead? Resource Type: News letter Date: Semptember 30, 1999 Source: Security Portal Author: Kurt Seifried Keywords: INTERNET/WWW,SECURITY ISSUES ,ONLINE SHOPPING ,SSL Abstract/Summary

RE: Is SSL dead?

1999-10-07 Thread Greg Broiles
Phill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Hettinga Sent: Wednesday, October 06, 1999 4:22 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Is SSL dead? (was Re: ECARM NEWS for October 06,1999 Second Ed.

RE: Is SSL dead? (was Re: ECARM NEWS for October 06,1999 Second Ed.)

1999-10-07 Thread Phillip Hallam-Baker
] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Hettinga Sent: Wednesday, October 06, 1999 4:22 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Is SSL dead? (was Re: ECARM NEWS for October 06,1999 Second Ed.) At 2:00 PM -0400 on 10/6/99, [EMAIL PROTECTED] wrote: Title

RE: Is SSL dead? (was Re: ECARM NEWS for October 06,1999 Second Ed.)

1999-10-07 Thread David Jablon
99 4:22 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Is SSL dead? (was Re: ECARM NEWS for October 06,1999 Second Ed.) At 2:00 PM -0400 on 10/6/99, [EMAIL PROTECTED] wrote: Title: Special Kurt's Closet: Is SSL dead? Resource Type: News letter Date: Semptember 30, 19