Tuesday, July 6, 2004

New Attack on RSA-based SSL/TLS Protocols

This type of attack is (currently) quite noisy/easy to detect but doesn't bode well for SSL-based web sites. Fortunately, OpenSSL (the library used by Apache) has been patched against this. Can anyone make comment on the MS side of the house?