[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "encrypt tcp connections" hacks




On Feb 5,  9:02pm, Perry E. Metzger wrote:

> There is also SSL, which is what the Netscape people are pushing --
> stands for Secure Sockets Layer.
>
>
>-- End of excerpt from Perry E. Metzger

  Of course SSL is not really a solution.  First it requires that the server
have a well-known RSA public key.  It is also not an optional service so it
requires new well-known ports for the secure services (such as https ).  Also
for some strange reason it uses two session keys (both generated at the client
end) one for client->server and another for server->client.  Not to mention I
distrust any protocol with provisions for sending bits of my key in the clear.
	Clinton


--