[714] in bugtraq
"Secure Socket Layer" protocol (NYT Article)
daemon@ATHENA.MIT.EDU (Richard Huddleston)
Mon Jan 23 23:01:00 1995
From: Richard Huddleston <reh@wam.umd.edu>
Date: Mon, 23 Jan 1995 21:46:01 -0500
To: perry@imsi.com
Cc: bugtraq@fc.net
* Christopher Klaus says:
* > To fully fix the problem will require all the vendors to come out with
* > kernel patches to make the TCP sequence numbering difficult to
* > guess,
* Even that is insufficient, actually. If you see a packet going by, you
* can still try to jam the works up and steal the connection anyway. The
* only permanent solution is a cryptographic security protocol for the
* net -- one is actually in the works now in the IETF.
* Perry
There's a protocol being touted by Netcape Communications Corportation
(formerly Mosaic Communications Corportation) which is supposedly strong
enough to conduct commerce over. It's description is in a document with
all the RFC-bound trappings, located on http://www.mcom.com/ someplace.
I'm not a member of the Brainiac Protocol Busters Club, but the protocol
looks pretty good to me. In lieu of the IETF protocol, has anybody
spotted flaws in the SSL ? It's up and working now, apparently.
Richard
