Hi
"Samuel W. Heywood" <[EMAIL PROTECTED]> wrote:
SH> The type of system used by SSL and RSA has the advantage of not requiring
SH> any method for secure transmission of any key or code book. For this
SH> reason, I cannot understand how RSA or SSL could possibly meet any high
SH> standard for security.
What particular thing don't you understand ??
PS: There is some kind of transfer.
The browser has a built in list of certification authorities.
Thos can sign keys from servers.
If the browser encounters a key which is signed by a known CA, than it will
proceed, if not, than a window pops up, and asks you what to do.
As long as strong crypto (eg 128 bit or 3des with 3*56) is used, and CAs are
careful signing server keys, there's no vulnerability I could think of.
So where's the point on wich you could comproize this scheme ?
SH> Sam Heywood
CU, Ricsi
--
Richard Menedetter <[EMAIL PROTECTED]> [ICQ: 7659421] {RSA-PGP Key avail.}
-=> If it ain't broke, hit it harder <=-
