Gavin writes:
> Wirt wrote:
>
> > o It is a fixed algorithm. While SSL is a current industry
standard,
> > it's only one standard.
>
> I don't claim to know much about SSL, but my impression is that it is
> just a protocol, and doesn't imply any particular algorithm. At connect
> time, the two ends negotiate to select a common encryption method that is
> available to both installations. So I *think* it's fair to say that SSL
> is adequate from the point of view of needing to support new algorithms
> in the future.
I'm certainly no expert either, but a basic (1995-era) explanation of SSL can
be found at:
http://byerley.cs.waikato.ac.nz/~tonym/articles/ssl/node3.html
with a confusing (although heartfelt attempt at making it clear) explanation
at:
http://cgi.netscape.com/products/security/ssl/howitworks.html
Wirt Atmar