[2128] in bugtraq
Re: SSL message broken
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Aug 18 00:08:31 1995
Date: Thu, 17 Aug 1995 23:32:13 -0400
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@piermont.com>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Thu, 17 Aug 1995 15:19:41 -1000."
<199508180119.PAA09487@zang.com>
"Mark (Mookie)" writes:
> >Repercussions: Well, let me say this... Actual repercussions are up to
> >the reader. Well's Fargo has just started allowing account manipulations
> >via Netscape and a secure server.
>
> There are only limited repercussions, the SSL that was broken was the 40
> bit key exportable version that NetScape are forced to sell to non US
> citizens. The domestic version uses 128 bit keys and so is virtually
> impossible to break.
You haven't been looking, have you. The "domestic" version that 99% of
the public gets is the export version because they can't make the
"domestic" version available for download -- its only available for
sale. Almost every person using Netscape uses the "export" version.
> Normal SSL is fine,
Actually, I have my doubts on that too....
Perry
