Big Browser and SSL

[Bazzer]

Jeremy wrote:

>RSA to send the symmettric session key to the web server, for the
>symmettric algorithm I think mainly RC4 is used.  The latest version
>of Netscape (4.73) now has full strength 128 bit encryption, and the
>latest version of IE probably does too, so to make sure that SSL is as
>secure as possible you should download an up to date web browser.
>Note that the web server also has to support 128 bit SSL.

Thanks for info.  There is a MS update patch to 128 bit for IE5 for anyone who has
the 56 bit version.

[snip]

>If the third parties are outside of the UK, then they have no
>obligation to the UK government under RIP to hand over logs etc.  This
>means that anyone using SSL web based email or SSL anonymous proxies
>is reasonably safe.

RIP refers to international co-operation agreements, but whether these would
include web logs etc. is another matter.  Personally, I would have no real
objection to this - here, or abroad under an international co-operation
agreememet - providing it was done on a per individual, per warrant, basis under
the direct hand of the Home Secretary (i.e. it would have to be for a fairly
serious reason).  Where RIP really takes the urine in this respect is where it
suggests that various Gov't Departments can, all but unfetterd, monitor comms data
on a mass, no-holes-barred basis, with little or no real public accountability.
Strange to say, the Berlin wall came down some years ago!

Bazzer.