From: jbass@dmsd.com (John L. Bass)
Date: Mon, 2 Oct 95 19:28:43 PDT
To: David_A Wagner <daw@cs.berkeley.edu>
Subject: Re: NetScape's dependence upon RSA down for the count!
Message-ID: <9510030228.AA15693@dmsd.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry David,

	The offer was for a server/filter/MITM/proxy that logged clear text
not cyphered text for the SSL stream. Combine your program with SLL code
from other sources and 95% of the program is complete. Add to that a way
to produce a valid certificate for the client and you will earn the $50
and a lot of praise for a job well done from everybody.

> > I have a Fifty dollar bill for the first person to submit to the mail box
> > nethack@dmsd.com a working Unix server (with cleartext session logs) which
> > accepts all connections on a unix based host to the www port and redirects
> > them to netscape.com leaving a clear text log of each session's SSL packets
> > in /tmp by session.  All entries become the property of DMS Design. The winner
> > and I will submit a claim for one of Community COnneXion's "I HACKED NETSCAPE"
> > tee shirts as a server hack. (Have Fun!!)
> > 
> 
> This is a trivial program!  I can't believe anyone considers this
> technically difficult.  But hey, who am I to question, if you'll
> pay $50!
> 
> Ok, let me back that up with real code.  Here's a proxy I've been
> using for experimenting, in lieu of root access & tcpdump.

For the rest of you, David gave you a small jump start. Checkout the
web pages at C2.org and netscape.com for access to the ssl prototype
code.

Have fun,
John Bass
Owner, DMS Design