1995-08-04 - Re: SSLeay - Whats the story…

Header Data

From: Enzo Michelangeli <enzo@ima.com>
To: Alex Tang <altitude@cic.net>
Message Hash: 031d95e1ec8313de2da524879dfca3b8fa6041bbdad17124a3f047f7a9c26d5c
Message ID: <Pine.LNX.3.91.950804145626.10023E@ima.net>
Reply To: <199508040455.AAA18486@petrified.cic.net>
UTC Datetime: 1995-08-04 08:03:23 UTC
Raw Date: Fri, 4 Aug 95 01:03:23 PDT

Raw message

From: Enzo Michelangeli <enzo@ima.com>
Date: Fri, 4 Aug 95 01:03:23 PDT
To: Alex Tang <altitude@cic.net>
Subject: Re: SSLeay - Whats the story...
In-Reply-To: <199508040455.AAA18486@petrified.cic.net>
Message-ID: <Pine.LNX.3.91.950804145626.10023E@ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Aug 1995, Alex Tang wrote:

> 
> just wondering but...What are the intrinsic points of weakness?  

Perry Metzger and Mark Chen have recently expressed some criticism, and
Adam Shostack, around the end of May, posted a review that highlighted a 
number of potential problem areas.

Personally, I especially dislike the use of RC4-40 (yes, other algorithms 
are supported, but not using the export version of Netscape Navigator); 
the excessively large portion of the handshaking data exchanged as 
cleartext; and the limitations in certificate management (no provisions 
for verifying the revocation status with a CA).




