On 12/13/2010 01:27 PM, UseTheFork wrote: > Hi Chris, > > On Dec 13, 5:14 pm, Chris Conroy <con...@google.com> wrote: >> Please do not try to implement encryption yourself on the client side. This >> is a fundamentally flawed idea. You will definitely not be doing anyone >> (other than Eve) a service. > > Thanks for the advice, but I'll do it anyway. I have been reading and > studying the subject a lot in the past. A proper RSA key generation + > DH enhanced with Interlock Protocol + a good random generator will > (overall) be a bit stronger than SSL/TLS. > >> SSL/TLS are secure since every OS ships with a set of certs that it trusts. > > Ewww, no. Not at all. That's not a good (or sufficient) reason to use > SSL/TLS. It is more complicated than that. SSL/TLS is a good quick > choice for those who don't know what they are doing in cryptography. > But even then, I would always have a specialist review their work, > because managing certificates properly is complicated. Moreover, SSL/ > TLS bears its own issues and weaknesses (MD5, some CipherSuites...) > across versions. On top of this, not all browsers implement the latest > version of TLS. >
http://www.youtube.com/watch?v=wxrWz9XVvls -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.