On Thu, 3 Aug 1995, Jason Weisberger wrote:
Maybe I miss it, but when did this arrive? Is anyone testing it?
You may take a look at http://www.psy.uq.oz.au/~ftp/Crypto/ My initial enthusiasm has somewhat vanished when I've realized that a free SSL implementation doesn't automatically allow to build a Netsite-compatible server: without a certificate issued by Verisign on behalf of Netscape Communications, Netscape Navigator won't talk to it. As SSL has some intrinsic points of weakness, I don't see the point of sticking to it to secure the TCP layer. For details, see also http://petrified.cic.net/~altitude/ssl/ssl.saga.html On the other hand, the CryptoTCP approach (see the file ctcp.0.9.tar.gz at ftp://utopia.hacktic.nl/pub/crypto) looks promising. Is anybody working on it? I'm interested in exchanging ideas, as I'm thinking of adding CryptoTCP client capabilities to a SOCKS 4.2 daemon. I see three major areas for improvement: 1. A better PRNG for the session key 2. Authentication of the D-H key exchange with digital signatures, a` la Photuris 3. Less "hard-wired" structure: at present, for example, the module size for D-H calculations is fixed at 1024 bits. 1. and 2. are relatively easy, but 3. would require a lot of work. Also, being able to negotiate different encryption algorithm in addition to triple-DES wouldn't be bad.