Thanks Dave. I'll get the book.
-----------------------------------------------------------
Frederic Rudman
[EMAIL PROTECTED]
Chatham Software Corp.
(518) 392-8730
----- Original Message -----
From: Wheeler, David M AZ <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 04, 2000 11:37 AM
Subject: RE: Newbie question - Diff Between SSL3.0 and TLS1.0
> Frederic,
> For your latter question, look at the following book "SSL and TLS
> Essentials: Securing the Web" by Stephen Thomas (c) 2000, published by
> Wiley. He does an excellent job covering the details of the SSL protocol
and
> gives the specific differences between SSL 3.0 and TLS 1.0. In a nut shell
> they are:
> - new version number (i.e. 3.1)
> - some new alter messages
> - use of HMAC for message authentication
> - a new PRNG for generating key material based on HMAC
> - a change to the CertificateVerify and Finished messages
> - some change to cipher suites supported (i.e. remove Fortezza)
>
> I am quoting from Thomas' book (which I read on the plan yesterday ; ) - I
> have not done the specific comparisons on the standards myself. If this
> information is in error or incomplete, someone please correct me.
> Thanks,
> Dave Wheeler
>
> -----Original Message-----
> From: Frederic Rudman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 04, 2000 8:22 AM
> To: [EMAIL PROTECTED]
> Subject: Newbie question
>
>
>
> This is a newbie question.
>
> Sorry in advance if this is the wrong place to send this message (and if
I'm
> in the wrong place, just let me know: I won't send emails here again).
>
> I'm considering porting the ssl code (client-side only) onto an embedded
> device (a.k.a. Internet appliance) to allow it to perform secure
> communications with an SSL-compliant server.
>
> Questions:
> 0) Has this already been done? (if so, by whom/contact info, for what
env.)
> 1) Is there a group that focuses on such issues (e.g. porting the code,
> embedded devices, non-wintel/non-unix envs)
> 2) What's the approximate footprint of the compiled client side of SSL
> (ballpark, on any given platform)
> 3) Where can I find a list of the hardware/os-related modules required for
a
> successful port of the code (e.g. malloc, free, ...) for all functions not
> included as part of the source.
>
> BTW: what's the diff. bet SSL v3.0 and TSL1.0?
>
> Thanks.
> -----------------------------------------------------------
> Frederic Rudman
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> Chatham Software Corp.
> (518) 392-8730
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
