From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
To: geeman@best.com
Message Hash: 0ce292ad664fbad7dcf74e8c381cc15da7c40326e5fde2bda24bc38f1d518b91
Message ID: <9611281907.aa27702@gonzo.ben.algroup.co.uk>
Reply To: <3.0.32.19961128085237.0069afc0@best.com>
UTC Datetime: 1996-11-28 20:10:57 UTC
Raw Date: Thu, 28 Nov 1996 12:10:57 -0800 (PST)
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Thu, 28 Nov 1996 12:10:57 -0800 (PST)
To: geeman@best.com
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <3.0.32.19961128085237.0069afc0@best.com>
Message-ID: <9611281907.aa27702@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain
geeman@best.com wrote:
>
> At 07:12 AM 11/27/96 +0000, you wrote:
> .....etc
> Can you be more specific?
> What are the vulnerabilities you are aware of?
I think I would discuss this with the author before going public, to give
him the usual opportunity to clean up before all hell breaks loose. However,
that is what I'd call "work" rather than "fun", so I'd want paying for it.
No doubt I'll take it up with Eric at some point, when neither of us has
anything better to do.
My impression is that Eric is more interested in speed and functionality than
strict security (and considering the incredible vulnerability that is more or
less inherent in an SSL implementation, I feel the same). I could be wrong, of
course.
I will say that I'm not aware of any problems that a good firewall and physical
security don't take care of. That isn't to say there aren't any - I haven't
looked that hard.
Cheers,
Ben.
>
> >I've never seen a security review of SSLeay, and if anyone gave it a clean
> bill
> >of health, they didn't have their eye on the ball. Note, I'm not knocking
> >SSLeay here, it is a wonderful lump of code, but it hasn't been written with
> >security in mind (IMHO).
> >
> >Cheers,
> >
> >Ben.
> >
> >--
> >Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk
> >Freelance Consultant and Fax: +44 (181) 994 6472
> >Technical Director URL: http://www.algroup.co.uk/Apache-SSL
> >A.L. Digital Ltd, Apache Group member (http://www.apache.org)
> >London, England. Apache-SSL author
> >
> >
--
Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk
Freelance Consultant and Fax: +44 (181) 994 6472
Technical Director URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd, Apache Group member (http://www.apache.org)
London, England. Apache-SSL author
Return to November 1996
Return to “lucifer@dhp.com (Anonymous)”