1995-08-24 - Re: Crypto DLL’s/SSLeay 0.4.5
Header Data
From: “Perry E. Metzger” <perry@piermont.com>
To: Eric Young <eay@mincom.oz.au>
Message Hash: 37fc7d61c2456c66c26f8bc2bc8328a39748a1268b89a3b4ec6756035bf22cae
Message ID: <199508241311.JAA13033@frankenstein.piermont.com>
Reply To: <Pine.SOL.3.91.950824215822.9077D-100000@orb>
UTC Datetime: 1995-08-24 13:11:58 UTC
Raw Date: Thu, 24 Aug 95 06:11:58 PDT
Raw message
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 24 Aug 95 06:11:58 PDT
To: Eric Young <eay@mincom.oz.au>
Subject: Re: Crypto DLL's/SSLeay 0.4.5
In-Reply-To: <Pine.SOL.3.91.950824215822.9077D-100000@orb>
Message-ID: <199508241311.JAA13033@frankenstein.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
Eric Young writes:
> On the PGPphone issue, I Personally I feel SSLphone would be a much
> better way of doing things.
Oh, yeah? No user certificates, no way to verify whats on the other
end. No assurances that you aren't being tricked into using a weak
algorithm because negotiation doesn't take place under cover of
signature. Lots of little potential cracks. Thanks, but no thanks.
This is not to slight your code. I'm slighting the protocol.
If folks want to secure links, stick to clean protocols to do the key
negotiation. I'm a fan of variants of STS myself, Photuris being a
biggie.
> For phone over modem, authentication is not really required
And why is that?
Perry
Thread
Return to August 1995
- Return to “Eric Young <eay@mincom.oz.au>”
Return to ““Perry E. Metzger” <perry@piermont.com>”
- 1995-08-24 (Thu, 24 Aug 95 05:36:30 PDT) - Crypto DLL’s/SSLeay 0.4.5 - Eric Young <eay@mincom.oz.au>
- 1995-08-24 (Thu, 24 Aug 95 06:11:58 PDT) - Re: Crypto DLL’s/SSLeay 0.4.5 - “Perry E. Metzger” <perry@piermont.com>
- 1995-08-25 (Fri, 25 Aug 95 00:34:10 PDT) - Re: Crypto DLL’s/SSLeay 0.4.5 - Eric Young <eay@mincom.oz.au>
- 1995-08-24 (Thu, 24 Aug 95 06:11:58 PDT) - Re: Crypto DLL’s/SSLeay 0.4.5 - “Perry E. Metzger” <perry@piermont.com>