Netscape the Big Win
Steven Champeon - Imonics Development
schampeo at imonics.com
Thu Jul 20 08:23:11 PDT 1995
| From: Hal <hfinney at shell.portal.com>
| Subject: Re: Netscape the Big Win
|
| [ much complaining by .pm deleted ]
|
| Note though that neither SSL or SHTTP requires that the certificates come
| from RSA. However the current versions of Netscape's browser do require this.
| This has been the source of much complaint and Netscape has promised that
| they will have some mechanism in the future to allow the user to
| choose his certificate signers. I am not sure how far RSA will let them
| off the leash, though.
I do know that at the Netscape Spring Training I attended, that was the
source of much consternation from the techies (who knew what it meant)
and Mr. ElGemal was certainly aware of it. The thing that scared me was
that most of the sales and marketing folks took the approach that I think
we can expect from them: "What! That's ridiculous! Oh, it's only $230?
Oh, okay. That's cheap enough." and then they went on their happy way.
The one "advantage" to SSL that they were pushing over SHTTP was that
SSL is a socket-level encryption mechanism, as opposed to protocol-
level. It doesn't conflict with SHTTP except in terms of adding to
the processing time.
I guess I don't see why SSL is so awful from a crypto standpoint.
Could someone a bit more educated on the nuts and bolts clue me
in on its weaknesses? As compared to other schemes, perhaps?
Thanks in advance,
Steve Champeon
Technical Lead, Web Services
Imonics Corporation
More information about the cypherpunks-legacy
mailing list