[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "encrypt tcp connections" hacks
On Feb 5, 9:02pm, Perry E. Metzger wrote:
> There is also SSL, which is what the Netscape people are pushing --
> stands for Secure Sockets Layer.
>-- End of excerpt from Perry E. Metzger
Of course SSL is not really a solution. First it requires that the server
have a well-known RSA public key. It is also not an optional service so it
requires new well-known ports for the secure services (such as https ). Also
for some strange reason it uses two session keys (both generated at the client
end) one for client->server and another for server->client. Not to mention I
distrust any protocol with provisions for sending bits of my key in the clear.