[784] in bugtraq
Re: Re[2]: "Secure Socket Layer" protocol (NYT Article)
daemon@ATHENA.MIT.EDU (Rens Troost)
Thu Jan 26 12:50:48 1995
To: "Nayfield, Rod" <rnayfield@mail.iconnet.com>
Cc: perry@imsi.com, bugtraq@fc.net
In-Reply-To: Your message of "Tue, 24 Jan 1995 10:23:50 EST."
<9500247909.AA790976894@mail.IConNet.COM>
Reply-To: rens@imsi.com
Date: Thu, 26 Jan 1995 10:15:50 -0500
From: Rens Troost <rens@imsi.com>
>>>>> "Nayfield," == Nayfield, Rod <rnayfield@mail.iconnet.com> writes:
Nayfield,> The reason I think the SSL isn't that bad of an idea
Nayfield,> is that it is available _now_. You aren't going to have
Nayfield,> to wait for people to implement the IPSec proposals once
Nayfield,> they are finalized. I don't think that SSL is proposed
Nayfield,> as a long-term solution; but an interim one.
Nayfield,> Someday we will have fully cryptographic IP packets
Nayfield,> and sniffing will be dead as a dog. This can't happen
Nayfield,> tomorrow; so let's at least keep, say, my AMEX # safe.
The 'competitor' to SSL is not network-level encryption, but S-HTTP,
another secure hypertext spec. It's kind of in flux right now.
These issues get discussed on the www security list. signu up at
www-security-request@ns1.rutgers.edu
You can buy an S-HTTP developers kit from terisa (an RSA affiliate) in
the US. otherwise, hallam@dxal18.cern.ch is putting it into the CERN
library.
-Rens
