Bugtraq mailing list archives
Re: SSL message broken
From: mark () zang com (Mark)
Date: Thu, 17 Aug 1995 15:19:41 -1000
Repercussions: Well, let me say this... Actual repercussions are up to the reader. Well's Fargo has just started allowing account manipulations via Netscape and a secure server.
There are only limited repercussions, the SSL that was broken was the 40 bit key exportable version that NetScape are forced to sell to non US citizens. The domestic version uses 128 bit keys and so is virtually impossible to break. The real problem is the US ITAR export laws, they cripple US industry by forcing them to sell inferior products internationally thus putting them at a large commercial disadvantage. Normal SSL is fine, the exportable version has been crippled and thus you are at risk of someone with access to significant computing power. If the SSL connections were allowed to be conducted with full security then there would not be a problem. The Wall Street Journal had an article in the last day or so that explained the correct situation. It would be good to reference that before trying to make any policy decisions. Cheers, Mark
Current thread:
- SSL message broken That Whispering Wolf... (Aug 16)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken That Whispering Wolf... (Aug 17)
- Re: SSL message broken Perry E. Metzger (Aug 17)
- CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Tom Fitzgerald (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Karl Strickland (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Ben Golding (Aug 20)
- Re: CERT Alert on new sendmail bug - any info? Neil Woods (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken Scott McClung (Aug 18)