Secure HTTP servers.
Hi all, I just started working vfor a local ISP and they found out, i was on this list and knew a little about crypto. Anyway they seem to have the impression this would qualify me to know something. At any rate, on to the point of the mail. Could someone point me in the right direction for info on secure http servers ?? Also maybe info on which is better than the other ?? Jason
In iks.lists.cypherpunks, you wrote:
the point of the mail. Could someone point me in the right direction for info on secure http servers ?? Also maybe info on which is better than the other ??
Secure HTTP ist the HTTP protocol based on SSL sockets. You may choose any server you like or which fits your needs (database connections, ...). There are not so many cryptographic failtures a developer can do. Keep you hands away from servers only supporting exportable protocols. Ask you next Certification Authority for help, they must support your server software. (we do run one ;->)
Lutz Donnerhacke <lutz@iks-jena.de> writes:
In iks.lists.cypherpunks, you wrote:
the point of the mail. Could someone point me in the right direction for info on secure http servers ?? Also maybe info on which is better than the other ??
Secure HTTP ist the HTTP protocol based on SSL sockets. You may choose any server you like or which fits your needs (database connections, ...). There are not so many cryptographic failtures a developer can do. Keep you hands away from servers only supporting exportable protocols.
Ask you next Certification Authority for help, they must support your server software. (we do run one ;->)
Are the posters in this thread unwilling to criticize C2Net's StrongHold because they're afraid to get obnoxious threatening letters from Sameer Parekh's shysters? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
* Dr.Dimitri Vulis KOTM wrote:
Lutz Donnerhacke <lutz@iks-jena.de> writes:
Secure HTTP ist the HTTP protocol based on SSL sockets. You may choose any server you like or which fits your needs (database connections, ...). There are not so many cryptographic failtures a developer can do. Keep you hands away from servers only supporting exportable protocols.
Are the posters in this thread unwilling to criticize C2Net's StrongHold because they're afraid to get obnoxious threatening letters from Sameer Parekh's shysters?
Why should we deal with Stronghold while other alteratives work fine?
lutz@taranis.iks-jena.de (Lutz Donnerhacke) writes:
* Dr.Dimitri Vulis KOTM wrote:
Lutz Donnerhacke <lutz@iks-jena.de> writes:
Secure HTTP ist the HTTP protocol based on SSL sockets. You may choose any server you like or which fits your needs (database connections, ...). Ther are not so many cryptographic failtures a developer can do. Keep you hands away from servers only supporting exportable protocols.
Are the posters in this thread unwilling to criticize C2Net's StrongHold because they're afraid to get obnoxious threatening letters from Sameer Parekh's shysters?
Why should we deal with Stronghold while other alteratives work fine?
Good question, especially when other vendors don't seek to suppress the discussion of theirt products. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
On Wed, 1 Oct 1997, Dr.Dimitri Vulis KOTM wrote:
Are the posters in this thread unwilling to criticize C2Net's StrongHold because they're afraid to get obnoxious threatening letters from Sameer Parekh's shysters?
For what it's worth, we use Stronghold and are very happy with it. They ship almost all the code, and they provide worthwhile crypto outside of the States. Being based on Apache it has a fairly vibrant development community, so you can obtain modules to do Java servlets, inline Perl, access to various DBs, and so on, and participate in the development of those modules. It's moderately easy to install, configure, and customize, although you'd probably want a little bit of Unix sysadmin experience. I believe an NT port is in alpha. Criticism? A few times I've run into SIGSEGV's in the crypto libraries. To be fair, the problems are only visible when you plug in third-party modules, there are workarounds, and they may in fact be not Stronghold's fault. Also, their manual seems to have been out of print for months -- not such a problem because there's an online version, but still a bit annoying. UKWeb's technical support are quite good and compare extremely well to that of some large organizations. I have no evidence in support or rebuttal of C2Net's alleged harrassment of Dr Vulis, so I won't comment on that. -- Martin Pool Pharos
Martin Pool <mbp@pharos.com.au> writes:
I have no evidence in support or rebuttal of C2Net's alleged harrassment of Dr Vulis, so I won't comment on that.
Are you questioning whether I, Tim May, and several other people on this mailing list were threatened by C2Net';s lawyers? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
At 10:27 PM -0700 9/30/97, Jim wrote:
Hi all,
I just started working vfor a local ISP and they found out, i was on this list and knew a little about crypto. Anyway they seem to have the impression this would qualify me to know something. At any rate, on to the point of the mail. Could someone point me in the right direction for info on secure http servers ?? Also maybe info on which is better than the other ??
Stronghold is available internationally (http://www.c2.net). Also Netscape and Microsoft have secure HTTP servers with weak encryption in the export versions. I noticed that Lonely Planet in Australia was running Stronghold. ------------------------------------------------------------------------- Bill Frantz | Internal surveillance | Periwinkle -- Consulting (408)356-8506 | helped make the USSR the | 16345 Englewood Ave. frantz@netcom.com | nation it is today. | Los Gatos, CA 95032, USA
participants (6)
-
Bill Frantz -
dlv@bwalk.dm.com -
Jim -
Lutz Donnerhacke -
lutz@taranis.iks-jena.de -
Martin Pool