From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Thu, 29 Aug 1996 23:24:38 +0800
To: cypherpunks@toad.com
Subject: Hmmm MSIE V2.0
Message-ID: <1996-Aug29-122751.1>
MIME-Version: 1.0
Content-Type: text/plain


It seems to be that MSIE V2.0 transmits its data in the clear once it has
transmitted the client hello and received the server hello SSL records
in some limited circumstance or other.

I don't know how widely this bug exists.  Neither do I know which versions
other than the French one has it.  However, if you point your version
of MSIE at

https://beta.mkn.co.uk/help/system/msie

and it indicates that the client has encryption problems.
Then you have that problem as well.  I would watch this one.

Anyone feeling like tracing the packets will find it easier to crack than
2 bit SSL. (let alone 40 bit or 128 bit).

Any thoughts?