
NetScape's dependence upon RSA down for the count!



Well guys and gals ...

I spent some time reading documentation on the www servers for NetScape
and Community ConneXion (c2.org).

The "messenger attack" as described in my earlier posts regarding
public key encryption and key management seems to apply to NetScape's SSL.
I have a fifty-dollar bill for the first person to submit to the mail box
[email protected] a working Unix server (with cleartext session logs) which
accepts all connections on a Unix-based host to the www port and redirects
them to netscape.com, leaving a cleartext log of each session's SSL packets
in /tmp by session.  All entries become the property of DMS Design. The winner
and I will submit a claim for one of Community ConneXion's "I HACKED NETSCAPE"
tee shirts as a server hack. (Have Fun!!)

After a careful examination of NetScape's public documentation, it appears
that SSL, which is based upon RSA's public key technology, may be down for the
count. The fall of SSL would doom NetScape's current claim of "Strong exportable
cryptography for credit card-based financial transactions" as outlined
in Taher Elgamal's (NetScape's Chief Scientist) white paper titled
"COMMERCE ON THE INTERNET: CREDIT CARD PAYMENT APPLICATIONS OVER THE INTERNET",
Version 1.00, dated July 14, 1995, which can be found on the www as
http://home.netscape.com/newsref/std/credit.html. The SSL doc can be found as
http://home.netscape.com/newsref/std/SSL.html.

John L. Bass
Owner, DMS Design