[OWASP-GUIDE] Odds and ^*%(^%'s

Mark Curphey mark at curphey.com
Wed Mar 26 03:04:07 EST 2003


Could do that as well. Either way when I just read it back it is really
weak. I hold my hand u to that one ;-) Given SSL's prevalence I think we
nd to discuss versions, cipher specs, cipher and key length negotiation
(most people still don't get it thats its the client that normally
chooses). The is nothing about certs as well, how many people check the
CRL using OpenSSL ? In short a complete overhaul and then figure out if
its its own section or drop it in crypto. Seem sensible ?




On Tue, 2003-03-25 at 23:57, Adrian Wiesmann wrote:
> > Can you resend the PDF ? I cant see I ever got it.
> 
> I try to :) I sent it private to you and Ray a few days ago...
> 
> > I am editing the Session Management Chapter now. It seems to me that SSL
> > and TLS should be on their own in a Transport Security Chapter. IS that
> > what everyone else thinks as well ?
> 
> I would vote for taking it into the crypto chapter for it is more crypto
> than session...
> 
> Regards,
> Adrian
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by:
> The Definitive IT and Networking Event. Be There!
> NetWorld+Interop Las Vegas 2003 -- Register today!
> http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-guide
-- 
Mark Curphey <mark at curphey.com>





More information about the Owasp-guide mailing list