[473] in WWW Security List Archive
Re: SLL protocol implementation ?
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Tue Feb 28 16:37:29 1995
Date: Tue, 28 Feb 95 08:29:01 PST
From: ekr@eit.com (Eric Rescorla)
To: www-security@ns2.rutgers.edu
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Sorry for the truncated previous message. User error. [EKR]
>From: marca@netscape.com (Marc Andreessen)
>As for the availability of the protocol specs, the S-HTTP spec that Terisa
>seems to be implementing to came out last November, and the SSL spec came
>out last October.
Sorry to nitpick a guy about his own product, but this isn't
quite correct. The current SSL rev <http://home.mcom.com/info/SSL.html>
appears to be dated Feb 7 and is really very different from the
October revision. In particular, (as of Nov 29) it fixes a number
of rather serious active attacks that were possible against the
October version.
The Terisa toolkits implement S-HTTP 1.1, which is described in
draft-rescorla-shttp-00.txt. This was released late November/early
December.
Regards,
-Ekr