[Cryptography] Spec for SSLv1

Phillip Hallam-Baker phill at hallambaker.com
Fri Oct 9 08:04:13 EDT 2015

On Thu, Oct 8, 2015 at 6:03 PM, ianG <iang at iang.org> wrote:

> On 5/10/2015 13:59 pm, Phillip Hallam-Baker wrote:
>> On Mon, Oct 5, 2015 at 1:04 AM, Yuhong Bao <yuhongbao_386 at hotmail.com
>> <mailto:yuhongbao_386 at hotmail.com>> wrote:
>>     Do anyone still have a spec for SSLv1 or was it just never written?
>> Basically SSLv2 but without any authentication checks.
>> "He's talking about an authentication attack, Marc" - comment from the
>> only time it was shown in public
> Snarky question:  Who grumbled?

I pointed out the lack of authentication but not as concisely. Alan
Shiffman made the comment. Later Simon Spero pointed out a long list of
problems, most of which were fixed by Paul Kocher who got a ten days of
consulting to design the protocol.

> More or less snarky:  Are they grumbling today on the TCPINC list?

I don't follow TCPINC.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151009/6894106d/attachment.html>

More information about the cryptography mailing list