[Webfunds-devel] HEADS UP: security breakage expected
Jeroen C. van Gelderen
jeroen@vangelderen.org
Wed, 19 Jul 2000 17:49:12 -0400
Hi,
I'm in the process of adapting WebFunds to work on JDK 1.2 and
1.3 in addition to JDK 1.1.
My next commit will break WebFunds such that it will accept
as valid X.509 certificates that are in fact not valid. This
will allow for a MitM attack on the SOX protocol and maybe
some other bits. It will probably not affect anything but
the security of SOX bearer payments and your privacy.
Symptoms are that WebFunds will appear to work normally,
except for a diagnostic being printed to stdout.
Beware if you update your tree.
I'll unbreak WebFunds within a week or so, resulting in a WF
that works on JDK 1.1, 1.2 and 1.3.
--
Jeroen C. van Gelderen o _ _ _
jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_