One important security note that should be added to this draft: any client that supports this extension MUST perform some correlation between the requested hostname and the certificate returned in the SSL connection - otherwise the system becomes vulnerable to trivial Person-In-The-Middle attacks, with much less effort that conventional attacks. No currently deployed systems perform this checking; the next release of the Netscape 2 Beta does do the checking; previous versions are vulnerable. Simon ---- (defun modexpt (x y n) "computes (x^y) mod n" (cond ((= y 0) 1) ((= y 1) (mod x n)) ((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n)) (t (mod (* x (modexpt x (1- y) n)) n))))Received on Friday, 10 November 1995 11:16:36 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:42:56 UTC