1995-09-23 - Re: The Next Hack

Header Data

From: “Harry S. Hawk” <habs@warwick.com>
To: jsw@neon.netscape.com (Jeff Weinstein)
Message Hash: ba88f83fe693163834306b0d805bb6318c65a278ff0c1633117e695eab94fab0
Message ID: <199509231147.HAA21618@cmyk.warwick.com>
Reply To: <4407p5$on4@tera.mcom.com>
UTC Datetime: 1995-09-23 11:47:45 UTC
Raw Date: Sat, 23 Sep 95 04:47:45 PDT

Raw message

From: "Harry S. Hawk" <habs@warwick.com>
Date: Sat, 23 Sep 95 04:47:45 PDT
To: jsw@neon.netscape.com (Jeff Weinstein)
Subject: Re: The Next Hack
In-Reply-To: <4407p5$on4@tera.mcom.com>
Message-ID: <199509231147.HAA21618@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text/plain



> In article <199509211832.LAA24086@infinity.c2.org>, sameer@c2.org
> (sameer) writes:

> > 	Now that we've seen that Netscape is doing a good job towards
> > trying to fix the hole that Ian and David have uncovered, it's time to
> > start looking at new things.

> > Proposal for action:


Jeff writes:
>   What else do you hope to gain by breaking a server key?  I think
> the point has been made.  Is there anything else that you would
> reasonably expect that we would do in response to a server key
> being broken that we have not already done?
> 
> 	--Jeff

Clearly the point that Sameer is making includes the Meta crypto creed,
which is a that all security systems and they components should be
discussed and tested in public. That it is not enough to test
the client and that encryption contained in server products must
also be dragged into the day light.

Harry Hawk			habs@panix.com
Freelancer for NetGuide Mag.
All comments are my own.




Thread