[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE



Well, then, tanslation:

"I say SSLEAY is not secure - but to actually do the homework
to back my assertion then someone has to pay me."

Hmmmph.  Not very useful.  Nor credible.

>I think I would discuss this with the author before going public, to give
>him the usual opportunity to clean up before all hell breaks loose. However,
>that is what I'd call "work" rather than "fun", so I'd want paying for it.
>
>No doubt I'll take it up with Eric at some point, when neither of us has
>anything better to do.
>
>My impression is that Eric is more interested in speed and functionality than
>strict security (and considering the incredible vulnerability that is more or
>less inherent in an SSL implementation, I feel the same). I could be
wrong, of
>course.
>
>I will say that I'm not aware of any problems that a good firewall and
physical
>security don't take care of. That isn't to say there aren't any - I haven't
>looked that hard.
>
>Cheers,
>
>Ben.
>
>> 
>> >I've never seen a security review of SSLeay, and if anyone gave it a clean
>> bill
>> >of health, they didn't have their eye on the ball. Note, I'm not knocking
>> >SSLeay here, it is a wonderful lump of code, but it hasn't been written
with
>> >security in mind (IMHO).
>> >
>> >Cheers,
>> >
>> >Ben.
>> >
>> >-- 
>> >Ben Laurie                Phone: +44 (181) 994 6435  Email:
[email protected]
>> >Freelance Consultant and  Fax:   +44 (181) 994 6472
>> >Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>> >A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>> >London, England.          Apache-SSL author
>> >
>> >
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: [email protected]
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>