[2129] in bugtraq
Re: SSL message broken
daemon@ATHENA.MIT.EDU (That Whispering Wolf...)
Fri Aug 18 00:09:48 1995
Date: Thu, 17 Aug 1995 20:16:48 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: "That Whispering Wolf..." <elfchief@lupine.org>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199508180119.PAA09487@zang.com> from "Mark" at Aug 17,
95 03:19:41 pm
> Normal SSL is fine, the exportable version has been crippled and thus you
> are at risk of someone with access to significant computing power. If the
> SSL connections were allowed to be conducted with full security then there
> would not be a problem.
How many people do you know that use the non-exportable version of
Netscape?
A quick check with about 50 people (aren't online games neat?) that use
Netscape indicates that 45 or so of them don't even know that any other
version than the one on the FTP site (exportable) exists, and none of the
remainder actually have posession of the more secure version.
Though there is a propperly secure version, the 40-bit-key version is the
de-facto standard on the net right now... Which means that basically ANYONE
that's trying to base secure transactions on netscape and SSL is at risk.
IMHO, of course.
-WW
