[5111] in cryptography@c2.net mail archive
Clear Session ID in SSLV3
daemon@ATHENA.MIT.EDU (Marcus J. Ranum)
Fri Jul 16 00:03:12 1999
Date: Thu, 15 Jul 1999 20:41:35 -0400
To: cryptography@c2.net
From: "Marcus J. Ranum" <mjr@nfr.net>

Does anyone have a pointer to why the session ID in SSLV3 is
in the clear, rather than encrypted? I'm sure there's a good
reason for it (audit? logging? other...?) but I'm trying to
pin down exactly why it was done that way. Can anyone point
me in the right direction?
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr