17 Dec
2003
17 Dec
'03
11:17 p.m.
On Fri, 4 Aug 1995, Alex Tang wrote:
just wondering but...What are the intrinsic points of weakness?
Perry Metzger and Mark Chen have recently expressed some criticism, and Adam Shostack, around the end of May, posted a review that hilighted a number of potential problem areas. Personally, I especially dislike the use of RC4-40 (yes, other algorithms are supported, but not using the export version of Netscape Navigator); the excessively large portion of the handshaking data exchanged as cleartext; and the limitations in certificate management (no provisions for verifying the revocation status with a CA).