[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Netscape the Big Win
| From: Hal <[email protected]>
| Subject: Re: Netscape the Big Win
|
| [ much complaining by .pm deleted ]
|
| Note though that neither SSL or SHTTP requires that the certificates come
| from RSA. However the current versions of Netscape's browser do require this.
| This has been the source of much complaint and Netscape has promised that
| they will have some mechanism in the future to allow the user to
| choose his certificate signers. I am not sure how far RSA will let them
| off the leash, though.
I do know that at the Netscape Spring Training I attended, that was the
source of much consternation from the techies (who knew what it meant)
and Mr. ElGemal was certainly aware of it. The thing that scared me was
that most of the sales and marketing folks took the approach that I think
we can expect from them: "What! That's ridiculous! Oh, it's only $230?
Oh, okay. That's cheap enough." and then they went on their happy way.
The one "advantage" to SSL that they were pushing over SHTTP was that
SSL is a socket-level encryption mechanism, as opposed to protocol-
level. It doesn't conflict with SHTTP except in terms of adding to
the processing time.
I guess I don't see why SSL is so awful from a crypto standpoint.
Could someone a bit more educated on the nuts and bolts clue me
in on its weaknesses? As compared to other schemes, perhaps?
Thanks in advance,
Steve Champeon
Technical Lead, Web Services
Imonics Corporation