From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 20 Sep 95 05:12:05 PDT
To: aba@atlas.ex.ac.uk
Subject: Re: NYT on Netscape Crack
In-Reply-To: <155.9509191654@exe.dcs.exeter.ac.uk>
Message-ID: <199509201211.IAA04771@frankenstein.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



aba@atlas.ex.ac.uk writes:
> Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com> writes:
> > Oh, can we now expect to see source to at least the security portions of  
> > Navigator and the Commerce server?

> An excellent proposal.

Not especially usefull. The bulk of the security problems won't
obviously have anything to do with the "security" portion of the code.

> Save Ian and David the effort of reverse engineering it again (which
> it is obviously pointless, and more: mathematically impossible, to do),

What do you mean, mathematically impossible? Thats silly.

> Or if that doesn't sit well with copyright interests, how about
> writing up an open spec about how the random number generator works?
> Then we can critique it.

That makes good sense, but I doubt they are that sensible. I also
worry that they would try to do something like patenting obvious and
long used techniques to "protect" themselves.

Perry