cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-11-29 - Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE

Header Data

From: null@void.gov
To: ben@algroup.co.uk
Message Hash: ab1833e3018432d42c8ac2384992e8763921a8ec149ca69301acb89cf38727a5
Message ID: <3.0.32.19961129093439.0069cb88@best.com>
Reply To: N/A
UTC Datetime: 1996-11-29 17:53:08 UTC
Raw Date: Fri, 29 Nov 1996 09:53:08 -0800 (PST)

Raw message

From: null@void.gov
Date: Fri, 29 Nov 1996 09:53:08 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <3.0.32.19961129093439.0069cb88@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, then, tanslation:

"I say SSLEAY is not secure - but to actually do the homework
to back my assertion then someone has to pay me."

Hmmmph.  Not very useful.  Nor credible.

>I think I would discuss this with the author before going public, to give
>him the usual opportunity to clean up before all hell breaks loose. However,
>that is what I'd call "work" rather than "fun", so I'd want paying for it.
>
>No doubt I'll take it up with Eric at some point, when neither of us has
>anything better to do.
>
>My impression is that Eric is more interested in speed and functionality than
>strict security (and considering the incredible vulnerability that is more or
>less inherent in an SSL implementation, I feel the same). I could be
wrong, of
>course.
>
>I will say that I'm not aware of any problems that a good firewall and
physical
>security don't take care of. That isn't to say there aren't any - I haven't
>looked that hard.
>
>Cheers,
>
>Ben.
>
>> 
>> >I've never seen a security review of SSLeay, and if anyone gave it a clean
>> bill
>> >of health, they didn't have their eye on the ball. Note, I'm not knocking
>> >SSLeay here, it is a wonderful lump of code, but it hasn't been written
with
>> >security in mind (IMHO).
>> >
>> >Cheers,
>> >
>> >Ben.
>> >
>> >-- 
>> >Ben Laurie                Phone: +44 (181) 994 6435  Email:
ben@algroup.co.uk
>> >Freelance Consultant and  Fax:   +44 (181) 994 6472
>> >Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>> >A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>> >London, England.          Apache-SSL author
>> >
>> >
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>

Thread