[3621] in WWW Security List Archive


Re: .htaccess created by CGI script...

daemon@ATHENA.MIT.EDU (hallam@sthelen.ai.mit.edu)
Sun Nov 24 20:40:43 1996

From: hallam@sthelen.ai.mit.edu
To: dmiller@vitnet.com.sg, www-security@ns2.rutgers.edu
Cc: hallam@sthelen.ai.mit.edu
In-Reply-To: Your message of "Sun, 24 Nov 96 15:33:16 +1100."
             <Pine.LNX.3.92.961124153149.260A-100000@mothra.io.com.au> 
Date: Sun, 24 Nov 96 17:39:30 -0500
Errors-To: owner-www-security@ns2.rutgers.edu

>> I'd hardly call SSL "secure".

>Please explain what vulnerabilities exist in SSL.


The burden of proof is the other way round: why should SSL be
considered secure? Until version 3.0 it was not being developed
by Jeff and Tahir, it was being developed by Marc and Kipp, neither
of whom were either particularly good at it or interested in
advice.

It is always necessary to judge whether security is
sufficient for a particular application and situation. It
is not possible to supply "security" as a package.

It is however possible to supply insecurity as a package -
something which NIS, sendmail, NFS et al are all good at :-)

	Phill

