[6154] in cryptography@c2.net mail archive
Re: SSL security
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Mon Nov 29 17:51:41 1999
Message-ID: <3842FA23.B8004719@geocast.com>
Date: Mon, 29 Nov 1999 14:11:47 -0800
From: Tom Weinstein <tomw@geocast.com>
MIME-Version: 1.0
To: "jaroslav.pinkava@aec.cz" <jaroslav.pinkava@aec.cz>
Cc: "'cryptography@c2.net'" <cryptography@c2.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Jaroslav Pinkava wrote:
>
> Where can I get the last informations about present SSL security status?
> I seek more detailed information than contented in the following report:
>
> http://webdevelopersjournal.com/articles/is_ssl_dead.html
That article describes an attack against the link between URLs and
certificates. Neither Netscape nor MSIE are vulnerable to this attack. In
fact, I know of no browser that is vulnerable to this attack. This article is
mostly just a free advertisement for Digital Bond.
David Wagner and Bruce Schneier have performed an excellent analysis of SSL 3.0
which is available from http://www.counterpane.com/ssl.html
This paper is three years old now, but I believe it still accurately reflects
current knowledge of SSL 3.0's security. The TLS working group has addressed
some of the potential weaknesses mentioned in the paper and I'd encourage you
to use TLS if you have that option.
--
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice. You must understand Tao before | tomw@geocast.com
transcending structure. -- The Tao of Programming |
