Summary of certifying Apache-SSL problems

• To: www-security@ns2.rutgers.edu
• Subject: Summary of certifying Apache-SSL problems
• From: Mike.Bremford@mail.bl.uk (Mike Bremford)
• Date: Wed, 1 May 1996 10:58:45 +0100

Well, its an easy enough summary to write.

The answer is "No, it can't be done" ;-)

This is because Verisign apparently won't certify anything thats not on its 
"tried and tested" list - they have to ensure that the code meets certain 
quality standards. Actually, thinking about this now, it would be very 
difficult for them to test the Apache-SSL using non-RSA libraries, as they're 
based in the US and therefore can't run the program without being in breach of 
RSAs patent... Christ, the legal profession has a lot to answer for...

Anyway, there are rumours of the guy who wrote the SSLeay library trying to 
negotiate with Verisign to get the library, and therefore the server, certified.
However, don't hold your breath.

Thanks to everyone that replied.

        Cheers... Mike

• Previous: Re: Java/Netscape security holes: hole du jour and summary
• Next: unsuscribe
• Index(es):
  • Index
  • Thread