Hi SSL hackers. I'm having some problems figuring out the exact format of the certificate chain (section 7.6.2 of the spec). Is it a single ASN.1 SEQUENCE or a...
Eric Murray ...
Apr 1, 1996 6:18 pm
1005
... the latter is NEARER what I read. a netscape vector is a stream of types, each internally delimited. The first BER TLV is the originator cert. If there is...
Peter Williams ...
Apr 1, 1996 7:10 pm
1006
... I believe it is a cert, followed immediately by another cert (no vector), followed by another cert, etc. etc. root CA is last. This is what we have...
Patrick Richard ...
Apr 1, 1996 7:40 pm
1007
... Thanks! will change.. ... -- Pat Richard / patr@... / patr@... ... Advanced Systems Group - Cyberstore Systems Inc. ...
Patrick Richard ...
Apr 1, 1996 11:28 pm
1008
Can SSL work with any application proxy gateway that allows the configuration like this:- encrypted link Telnet or FTP client <-> proxy(A) with ssl aware telnet...
Friedrich ...
Apr 2, 1996 4:52 am
1009
I've been doing some quick checking into SSL, and I have a couple of questions for the SSL-wise out there... As per the SSL spec put out by Netscape, the goals...
Mike Bobbitt ...
Apr 2, 1996 1:09 pm
1010
... Meets the goal. 40-bits is good enough for credit cards and similar personal information. It is even good enough for dealing with some proprietary data,...
Donald Lewine ...
Apr 2, 1996 4:22 pm
1011
... Here's my answers to the above points: 1. Security. It's been heavily reviewed by a lot of smart people, including some top cryptographers. A lot of...
Eric Murray ...
Apr 2, 1996 5:41 pm
1012
... Why not just keep the negotiated session info around for the next connection? That way you do the expensive RSA foo only for the first connection, but you...
Eric Murray ...
Apr 2, 1996 5:44 pm
1013
... I find the SSL reconnect burdensome; if you look at network overhead, the number of messages involved only drops from 6 to 5 (no client auth). Many times...
Randy Wigginton ...
Apr 2, 1996 6:00 pm
1014
... Because the RSA foo also says that I am who I claim to be and not someone spoofing your IP address. There is some caching done but it has a much shorter...
Donald Lewine ...
Apr 2, 1996 7:25 pm
1015
... It's not clear what the firewall is supposed to protect. What does "SSL aware" mean here? Rick. smith@... secure computing corporation...
Rick Smith ...
Apr 2, 1996 7:36 pm
1016
... Session resumption is not dependent on IP address and can not be broken by spoofing IP addresses. Please read section F.1.4 of the current spec. I don't...
Eric Murray ...
Apr 2, 1996 7:39 pm
1017
... Applications may wish to impose other rules on such generic behaviour, however. Consider a threat environment in which servers supply information to...
Peter Williams ...
Apr 2, 1996 8:33 pm
1018
Hello. I am a professional Web programmer who is soon going to be involved in a project that includes credit card sales online, for which we of course need...
Terrance Hodgins ...
Apr 2, 1996 8:33 pm
1019
You can download SSLRef from Netscape's home page (near the SSL spec), which is a V2.0 implementation that is free for non-commercial use. Another freely...
Linda Talisman ...
Apr 2, 1996 11:26 pm
1020
... And those products are? :) -- "It is seldom that liberty of any kind is lost all at once." -Hume...
Adam Shostack ...
Apr 3, 1996 12:46 am
1021
"You keep saying that word, secure. I do not think it means what you think it means." Actually, I have no idea what Netscape thinks it means. I've openly...
Adam Shostack ...
Apr 3, 1996 1:00 am
1022
... Very little. The communication can't be secure unless both sides support the SSL protocol. ... Yes. The addition of certificates (and their associated...
Tim Dierks ...
Apr 3, 1996 1:21 am
1023
I just downloaded Atlas for sparc/solaris2.4. I was delighted to see a "Personal Certificates" option in the Security Preferences, but when I tried to "Obtain...
dave madden ...
Apr 3, 1996 3:02 am
1024
I've been digging into the SSL 3.0 spec (v3/4/96) and I've got a few questions. 1) Why isn't there any way for the client to attempt to indicate to the server...
Tim Dierks ...
Apr 3, 1996 3:12 am
1025
... The security of SSL is directly dependent on at least four things: - The security of the protocol - The security of the underlying cryptographic algorithms...
Tim Dierks ...
Apr 3, 1996 3:43 am
1026
... I think that what you think it means is not what the rest of us think it means. ... against reasonable attacks? Nothing is provably secure. Just because...
Eric Murray ...
Apr 3, 1996 3:54 am
1027
... Okay, you can try to protect from users sharing private keys - but how can you prevent users sharing the information they got from subscription basis? ...
Holger Reif ...
Apr 3, 1996 7:21 am
1028
... The fifth category (or step as Tim has used the term), *** CRITICAL *** SO OBVIOUS THAT IT IS OFTEN OVERLOOKED *** CRITICAL *** and by far the most wide...
W. Mark Clifford ...
Apr 3, 1996 1:20 pm
1029
... Am I to assume then that because of ITAR, the only encryption schemes supported in the exportable version are RC4-40 and RC2-40? I read in the spec for 3.0...
Mike Bobbitt ...
Apr 3, 1996 2:29 pm
1030
... Holger, access control is the key, and that's a pun! Commercial security has to include accountability as one of the fundamental security control...
Peter Williams ...
Apr 3, 1996 7:16 pm
1031
... In the Netscape presentation slides that I've seen, only RC4-40 is listed as the encryption supported in Netscape's exportable server products. Not RC4-40...
Jane Yuan ...
Apr 3, 1996 9:28 pm
1032
Probably because RC4-40 is what the BSA negotiated an 'accelerated export license' process for. Which is to say, it's the only thing the NSA will let you...
Adam Shostack ...
Apr 3, 1996 11:11 pm
1033
... That's (mostly) correct, which is why I think Netscape should use a different word. ... And what attacks are reasonable to assume? ... Does it? Most of my...