| From: Hal <hfinney@shell.portal.com> | Subject: Re: Netscape the Big Win | | [ much complaining by .pm deleted ] | | Note though that neither SSL or SHTTP requires that the certificates come | from RSA. However the current versions of Netscape's browser do require this. | This has been the source of much complaint and Netscape has promised that | they will have some mechanism in the future to allow the user to | choose his certificate signers. I am not sure how far RSA will let them | off the leash, though. I do know that at the Netscape Spring Training I attended, that was the source of much consternation from the techies (who knew what it meant) and Mr. ElGemal was certainly aware of it. The thing that scared me was that most of the sales and marketing folks took the approach that I think we can expect from them: "What! That's ridiculous! Oh, it's only $230? Oh, okay. That's cheap enough." and then they went on their happy way. The one "advantage" to SSL that they were pushing over SHTTP was that SSL is a socket-level encryption mechanism, as opposed to protocol- level. It doesn't conflict with SHTTP except in terms of adding to the processing time. I guess I don't see why SSL is so awful from a crypto standpoint. Could someone a bit more educated on the nuts and bolts clue me in on its weaknesses? As compared to other schemes, perhaps? Thanks in advance, Steve Champeon Technical Lead, Web Services Imonics Corporation