[1058] in WWW Security List Archive
Re: N$ SSL vs M$ PCT
daemon@ATHENA.MIT.EDU (sameer)
Wed Oct 18 01:36:56 1995
From: sameer <sameer@c2.org>
To: bsy@microsoft.com (Bennet Yee)
Date: Tue, 17 Oct 1995 19:09:19 -0700 (PDT)
Cc: adam@bwh.harvard.edu, www-security@ns2.rutgers.edu
In-Reply-To: <9510170909.AA22175@netmail2.microsoft.com> from "Bennet Yee" at Oct 17, 95 00:54:15 am
Errors-To: owner-www-security@ns2.rutgers.edu
> We don't admonish programmers against overflowing their buffers nor
> do we warn them against storing the users' private keys unencrypted
> on the users' disk. There are lots of cryptographic/security common
> sense assumptions that we leave out. We -do- tell the programmers to
> use a cryptographically secure pseudo-random number generator. That
Seems more like a political decision to chose to describe one
over the other rather than anything else.
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
