SSL, banks, was Re: [plug] StarOffice

Mike Holland myk at golden.wattle.id.au
Tue Jun 27 21:37:45 WST 2000


On Tue, 27 Jun 2000, Peter Wright wrote:

> The bank exception is still for what _they're_ using at _their_ end. If

Pete, sorry but where did you get this idea?
The banks have site certificates that
enable 128-bit encryption on _your_ browser. Banks _always_ use 128 bit
encryption with web browsers, or none. Never 40 bit AFAIK.

> the user only has a 40-bit-capable SSL browser, then the communication
> should be only 40-bit SSL'ed.

The export versions were 128 bit "capable" - thats why fortify
could exist. They were just crippled to normally use 40-bit.

Check the netscape docs, e.g. http://home.netscape.com/security/index.html

           online merchants, banks, healthcare, and insurance
           companies and overseas subsidiaries of U.S. corporations
           can use 128-bit server certificates to enable strong
           encryption for all of their customers who use either the
           domestic or export version of the latest leading browsers


Commbank say "Obtain the very latest Java Virtual Machine available for
your OS." but the site seems to work fine with java disabled.


Mike Holland  <mike at golden.wattle.id.au>
                          --==--




More information about the plug mailing list