Date: Mon, 29 Nov 1999 14:11:47 -0800
From: Tom Weinstein <[EMAIL PROTECTED]>
Organization: Geocast Network Systems
Sender: [EMAIL PROTECTED]
Jaroslav Pinkava wrote:
>
> Where can I get the last informations about present SSL security status?
> I seek more detailed information than contented in the following report:
>
> http://webdevelopersjournal.com/articles/is_ssl_dead.html
That article describes an attack against the link between URLs and
certificates. Neither Netscape nor MSIE are vulnerable to this attack. In
fact, I know of no browser that is vulnerable to this attack. This article is
mostly just a free advertisement for Digital Bond.
David Wagner and Bruce Schneier have performed an excellent analysis of SSL
3.0 which is available from http://www.counterpane.com/ssl.html
This paper is three years old now, but I believe it still accurately reflects
current knowledge of SSL 3.0's security. The TLS working group has addressed
some of the potential weaknesses mentioned in the paper and I'd encourage you
to use TLS if you have that option.
--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
