Re: Relative use of SSLV3 versus SSLV2

1999-07-16 Thread Tom Weinstein
"Marcus J. Ranum" wrote: > > Does anyone out there have any statistics about usage of > SSLV3 versus SSLV2? I'm trying to get a feeling for how much > product support there needs to be for V2 -- is there even > a significant user base for it anymore? Does anyone keep any > measures of version usa

Re: Clear Session ID in SSLV3

1999-07-16 Thread Tom Weinstein
"Marcus J. Ranum" wrote: > > Does anyone have a pointer to why the session ID in SSLV3 is > in the clear, rather than encrypted? I'm sure there's a good > reason for it (audit? logging? other...?) but I'm trying to > pin down exactly why it was done that way. Can anyone point > me in the right d

Commonwealth of Massachusetts will support uniform digitalsignataure law

1999-07-16 Thread Robert Hettinga
Gotta watch that reply-to-all "feature" of listserv, Dan. It'll getcha. :-). Cheers, RAH --- begin forwarded text Date: Fri, 16 Jul 1999 09:57:29 -0400 Reply-To: [EMAIL PROTECTED] Sender: Digital Signature discussion <[EMAIL PROTECTED]> From: Daniel Greenwood <[EMAIL PROTECTED]> Subje

UK spy tower owned by the 'MoD'

1999-07-16 Thread Nick
The Minstry of defence yesterday tried to sell a tower which experts say was owned by the Minstry of Defence and had satellites and other equipment pointed at the BT tower in london, it was used to intercept Phone calls/fax/e-mails from mainland britain to North & South of Ireland, this is what th

BBC report alleges UK tapped all communications to Ireland

1999-07-16 Thread Perry E. Metzger
Not quite cryptography, but it is SIGINT. http://news.bbc.co.uk/hi/english/uk_politics/newsid_395000/395843.stm First paragraphs (From the BBC): Headline: UK 'monitored Irish phone calls' Subhead: The messages were scanned for key words The UK Government tapped all telephone messages betwe

Re: Clear Session ID in SSLV3

1999-07-16 Thread Ben Laurie
"Marcus J. Ranum" wrote: > > Does anyone have a pointer to why the session ID in SSLV3 is > in the clear, rather than encrypted? I'm sure there's a good > reason for it (audit? logging? other...?) but I'm trying to > pin down exactly why it was done that way. Can anyone point > me in the right d

Re: Clear Session ID in SSLV3

1999-07-16 Thread Eric Young
"Marcus J. Ranum" wrote: > > Does anyone have a pointer to why the session ID in SSLV3 is > in the clear, rather than encrypted? I'm sure there's a good > reason for it (audit? logging? other...?) but I'm trying to > pin down exactly why it was done that way. Can anyone point > me in the right d

Questions regarding export restrictions in Europe

1999-07-16 Thread prodigy
Hello I have tried to contact the local folks here but due to summer vacation and general ignorance I haven't been able to get a 100% straight answer >from the various government departments in Denmark. I was wondering if its illegal for me to offer export restricted software for download on my