[3626] in WWW Security List Archive
Re: .htaccess created by CGI script...
daemon@ATHENA.MIT.EDU (Dan Geer)
Mon Nov 25 17:25:00 1996
To: www-security@ns2.rutgers.edu
In-reply-to: Your message of "Fri, 22 Nov 1996 17:07:13 EST."
    <199611222207.RAA17149@sumac.digex.net>
Date: Mon, 25 Nov 1996 14:16:03 -0500
From: Dan Geer <geer@openmarket.com>
Errors-To: owner-www-security@ns2.rutgers.edu
> Use SSL and client certs. Secure, powerful, and flexible.
I'd hardly call SSL "secure".
I would suggest that all get their hands on this paper

    An Analysis of SSL 3.0
    David Wagner, Berkeley, and Bruce Schneier, Counterpane Systems
    Proceedings 2nd USENIX Workshop on Electronic Commerce
    18-21 November 1996, Oakland, California

I was there and I have read the paper. The closing
paragraph of it says, with considerable support, that
"We conclude that, while there are still a few technical
wrinkles to iron out, on the whole SSL 3.0 is a valuable
contribution towards practical communications security."
If you don't care to trust Wagner & Schneier, you'll
probably have to do it yourself...
As to availability---
All EC96 abstracts are available from
http://www.usenix.org/publications/library/proceedings/ec96/index.html
Full papers, in ASCII or PostScript, are available to USENIX
members via the hotlinks in the above document.
Proceedings in hardcopy are available from the office:

    USENIX Association
    2560 Ninth Street, Suite 215
    Berkeley, California 94710
    510-528-8649
    FX 510-548-5738

--dan