SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
null at void.gov
null at void.gov
Fri Nov 29 09:53:08 PST 1996
Well, then, tanslation:
"I say SSLEAY is not secure - but to actually do the homework
to back my assertion then someone has to pay me."
Hmmmph. Not very useful. Nor credible.
>I think I would discuss this with the author before going public, to give
>him the usual opportunity to clean up before all hell breaks loose. However,
>that is what I'd call "work" rather than "fun", so I'd want paying for it.
>
>No doubt I'll take it up with Eric at some point, when neither of us has
>anything better to do.
>
>My impression is that Eric is more interested in speed and functionality than
>strict security (and considering the incredible vulnerability that is more or
>less inherent in an SSL implementation, I feel the same). I could be
wrong, of
>course.
>
>I will say that I'm not aware of any problems that a good firewall and
physical
>security don't take care of. That isn't to say there aren't any - I haven't
>looked that hard.
>
>Cheers,
>
>Ben.
>
>>
>> >I've never seen a security review of SSLeay, and if anyone gave it a clean
>> bill
>> >of health, they didn't have their eye on the ball. Note, I'm not knocking
>> >SSLeay here, it is a wonderful lump of code, but it hasn't been written
with
>> >security in mind (IMHO).
>> >
>> >Cheers,
>> >
>> >Ben.
>> >
>> >--
>> >Ben Laurie Phone: +44 (181) 994 6435 Email:
ben at algroup.co.uk
>> >Freelance Consultant and Fax: +44 (181) 994 6472
>> >Technical Director URL: http://www.algroup.co.uk/Apache-SSL
>> >A.L. Digital Ltd, Apache Group member (http://www.apache.org)
>> >London, England. Apache-SSL author
>> >
>> >
>
>--
>Ben Laurie Phone: +44 (181) 994 6435 Email: ben at algroup.co.uk
>Freelance Consultant and Fax: +44 (181) 994 6472
>Technical Director URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd, Apache Group member (http://www.apache.org)
>London, England. Apache-SSL author
>
>
More information about the cypherpunks-legacy
mailing list