From: chen@intuit.com (Mark Chen)
Date: Sat, 29 Jul 95 14:47:15 PDT
To: perry@imsi.com
Subject: Re: Netscape the Big Win
In-Reply-To: <9507200747.AA15208@snark.imsi.com>
Message-ID: <9507292145.AA29335@doom.intuit.com>
MIME-Version: 1.0
Content-Type: text/plain



> Crypto *is* integrated into Netscape. Unfortunately, the crypto is SSL
> -- a complete waste of time.
> 
> Among other things, SSL only lets you authenticate to X.509
> certificate roots that have been issued straight from the hands of Jim
> Bidzos -- which effectively means that you can secure only connections
> with Netscape commerce servers, and that you cannot authenticate both
> ends of the communications link. Its also just plain bad -- there are
> ugly holes in the security from what I can see. Netscape is, of
> course, pushing it as a standard. Vomit.
> 
> Luckily, Netscape recently hired Tahir El Gammal (did I put too many
> m's there?) and he's a smart guy. Unfortunately, he seems to be in a
> position where he has to defend the fairly bad work they did already.

Still in catch-up mode. . . .

As the person who evaluated Courier for Intuit, I feel compelled to
point out that Intuit does *not* endorse SSL.

I agree with all of Perry's criticisms, and offer a couple of my own:

1) since SSL is a sub-application-level protocol trying to solve an
application-level security problem, it leaves communicating nodes
vulnerable to early-termination attacks.  SSL MACs authenticate
individual SSL records, not application messages.

2) since only fools run http servers on secure network segments,
network admins are faced with the problem of clearing sensitive data
(presumably "protected" on the line by SSL) out of the DMZ in real
time.  This is a pain.

Fortunately, Courier suffers from neither of these infirmities.

   - Mark -


--
Mark Chen 
chen@intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D