SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Ben Laurie
ben at gonzo.ben.algroup.co.uk
Wed Nov 27 00:15:54 PST 1996
Douglas Barnes wrote:
>
>
> >> SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
> >
> >BTW, this doesn't come with source code.
> >
>
> No, it does not come with source code. Site licenses and OEM
> bundling packages will come with a source code option. Partners
> who work with us in internationalizing the product may also
> receive source code. However, it did not seem to be useful or
> appropriate for a consumer-level product like this.
>
> We are trying to find a happy medium between making sure that the
> security is well-reviewed, and doing things that make business
> sense and map onto standard industry practice for selling software
> products.
Really? Who reviewed the security of SafePassage?
>
> Note that SafePassage uses SSLeay for its encryption and SSL
> protocol layer; SSLeay has publicly available source code, and has
> been extensively reviewed.
I've never seen a security review of SSLeay, and if anyone gave it a clean bill
of health, they didn't have their eye on the ball. Note, I'm not knocking
SSLeay here, it is a wonderful lump of code, but it hasn't been written with
security in mind (IMHO).
Cheers,
Ben.
--
Ben Laurie Phone: +44 (181) 994 6435 Email: ben at algroup.co.uk
Freelance Consultant and Fax: +44 (181) 994 6472
Technical Director URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd, Apache Group member (http://www.apache.org)
London, England. Apache-SSL author
More information about the cypherpunks-legacy
mailing list