[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSLeay - Whats the story...

To: Alex Tang <[email protected]>
Subject: Re: SSLeay - Whats the story...
From: Enzo Michelangeli <[email protected]>
Date: Fri, 4 Aug 1995 16:03:22 +0800 (HKT)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Fri, 4 Aug 1995, Alex Tang wrote:

> 
> just wondering but...What are the intrinsic points of weakness?  

Perry Metzger and Mark Chen have recently expressed some criticism, and
Adam Shostack, around the end of May, posted a review that hilighted a 
number of potential problem areas.

Personally, I especially dislike the use of RC4-40 (yes, other algorithms 
are supported, but not using the export version of Netscape Navigator); 
the excessively large portion of the handshaking data exchanged as 
cleartext; and the limitations in certificate management (no provisions 
for verifying the revocation status with a CA).

Follow-Ups:
- Re: SSLeay - Whats the story...
  - From: Eric Young <[email protected]>

References:
- Re: SSLeay - Whats the story...
  - From: Alex Tang <[email protected]>

Prev by Date: RSA has been proved correct
Next by Date: Re: SSLeay - Whats the story...
Prev by thread: Re: SSLeay - Whats the story...
Next by thread: Re: SSLeay - Whats the story...
Index(es):
- Date
- Thread