"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
> In message <[EMAIL PROTECTED]>, EKR writes:
>
> > I'm assuming it's compiled into the code, since if it were in the
> > cert database, it could be tampered with.
>
> Sure -- just like Fortify can't exist...

Fair enough.
I would have kind of expected the Netscape and MS programmers
to make at least a token attempt to prevent this sort of attack,
but you do have a point.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
PureTLS - free SSLv3/TLS software for Java
http://www.rtfm.com/puretls/