Douglas Barnes wrote:
SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
BTW, this doesn't come with source code.
No, it does not come with source code. Site licenses and OEM bundling packages will come with a source code option. Partners who work with us in internationalizing the product may also receive source code. However, it did not seem to be useful or appropriate for a consumer-level product like this.
We are trying to find a happy medium between making sure that the security is well-reviewed, and doing things that make business sense and map onto standard industry practice for selling software products.
Really? Who reviewed the security of SafePassage?
Note that SafePassage uses SSLeay for its encryption and SSL protocol layer; SSLeay has publicly available source code, and has been extensively reviewed.
I've never seen a security review of SSLeay, and if anyone gave it a clean bill of health, they didn't have their eye on the ball. Note, I'm not knocking SSLeay here, it is a wonderful lump of code, but it hasn't been written with security in mind (IMHO). Cheers, Ben. -- Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk Freelance Consultant and Fax: +44 (181) 994 6472 Technical Director URL: http://www.algroup.co.uk/Apache-SSL A.L. Digital Ltd, Apache Group member (http://www.apache.org) London, England. Apache-SSL author