"encrypt tcp connections" hacks

Trool the Red Adept cdbunch at bansai.ucs.uoknor.edu
Mon Feb 6 09:58:33 PST 1995

On Feb 5,  9:02pm, Perry E. Metzger wrote:

> There is also SSL, which is what the Netscape people are pushing --
> stands for Secure Sockets Layer.
>-- End of excerpt from Perry E. Metzger

  Of course SSL is not really a solution.  First it requires that the server
have a well-known RSA public key.  It is also not an optional service so it
requires new well-known ports for the secure services (such as https ).  Also
for some strange reason it uses two session keys (both generated at the client
end) one for client->server and another for server->client.  Not to mention I
distrust any protocol with provisions for sending bits of my key in the clear.


More information about the cypherpunks-legacy mailing list