[gnutls-dev]Re: GNU TLS
pasky at pasky.ji.cz
Wed Jul 10 12:42:02 CEST 2002
Dear diary, on Wed, Jul 10, 2002 at 12:32:17PM CEST, I got a letter,
where Nikos Mavroyanopoulos <nmav at gnutls.org> told me, that...
> > Similarly, a lot of web SERVERS such as older versions of Microsoft
> > IIS still use weak cryptography. If GNU TLS is used in a browser, it
> > won't be able to connect by SSL to such servers. This situation is
> > even worse than the GNU TLS server case, since the GNU TLS browser
> > user will usually have no hope of persuading the server operator to
> > upgrade. So again, s/he'll have to abandon the site or else turn
> > off TLS.
> He cannot persuade him, but he should not trust him business anyway.
> Offering secure services restricted to 40-bit ciphers is a joke.
I develop a browser with support for GNUTLS (parallel to OpenSSL, for legal
reasons; thanks for GNUTLS as an alternative!), and I must say that
statements like "he shouldn't use it anyway" are unfortunately a bit far away
from reality. Users usually don't care, they just i.e. paid for some service and
just know that they must write "https://" in front of the URL. They don't
understand this cypher business at all, they just want to be able to use that
service with my browser and no matter what excuses I will make why the browser
can't display the page, they will be just upset with me and possibly stop using
the browser. By supporting weak cyphers and i.e. popping up a warning window
that the cypher is too weak and easy to break and if the user really wants to
proceed, one can educate users, make them ask site admins why such a weak
cypher is used etc. If the page is just not displayed, users just think it's
some strange paranoia of this browser and that the browser is basically broken,
as "it can't display pages other browsers can display".
Petr "Pasky" Baudis
* ELinks maintainer * IPv6 guy (XS26 co-coordinator)
* IRCnet operator * FreeCiv AI occasional hacker
"Capitalism is the extraordinary belief that the nastiest of men,
for the nastiest of reasons, will somehow work for the benefit of
us all." -- John Maynard Keynes
Public PGP key && geekcode && homepage: http://pasky.ji.cz/~pasky/