1995-08-07 - Re: SSLeay - Whats the story…

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: altitude@cic.net (Alex Tang)
Message Hash: 1845af17a8b8d25339033a62a19b8c6e4d4d9a2255943600d8789dc4e75b4b32
Message ID: <199508072107.RAA22991@bwh.harvard.edu>
Reply To: <199508040455.AAA18486@petrified.cic.net>
UTC Datetime: 1995-08-07 21:08:14 UTC
Raw Date: Mon, 7 Aug 95 14:08:14 PDT

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Mon, 7 Aug 95 14:08:14 PDT
To: altitude@cic.net (Alex Tang)
Subject: Re: SSLeay - Whats the story...
In-Reply-To: <199508040455.AAA18486@petrified.cic.net>
Message-ID: <199508072107.RAA22991@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain



| > As SSL has some intrinsic points of weakness, I don't see the point
| > of sticking to it to secure the TCP layer.
| 
| just wondering but...What are the intrinsic points of weakness?  

	As Bruce Schneier reminded people in his keynote at Defcon,
its easier to steal the keys than to break the cryptosystem.  Web
servers tend to be far too big and bulky to be trusted with
cryptographic keys.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





Thread