[Cryptography] Spec for SSLv1
Phillip Hallam-Baker
phill at hallambaker.com
Fri Oct 9 08:04:13 EDT 2015
On Thu, Oct 8, 2015 at 6:03 PM, ianG <iang at iang.org> wrote:
> On 5/10/2015 13:59 pm, Phillip Hallam-Baker wrote:
>
>> On Mon, Oct 5, 2015 at 1:04 AM, Yuhong Bao <yuhongbao_386 at hotmail.com
>> <mailto:yuhongbao_386 at hotmail.com>> wrote:
>>
>> Do anyone still have a spec for SSLv1 or was it just never written?
>>
>>
>> Basically SSLv2 but without any authentication checks.
>>
>> "He's talking about an authentication attack, Marc" - comment from the
>> only time it was shown in public
>>
>
>
> Snarky question: Who grumbled?
>
I pointed out the lack of authentication but not as concisely. Alan
Shiffman made the comment. Later Simon Spero pointed out a long list of
problems, most of which were fixed by Paul Kocher who got a ten days of
consulting to design the protocol.
> More or less snarky: Are they grumbling today on the TCPINC list?
I don't follow TCPINC.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151009/6894106d/attachment.html>
More information about the cryptography
mailing list