Re: Is encryption over RCP possible?

On 12/13/2010 01:27 PM, UseTheFork wrote:
> Hi Chris,
>
> On Dec 13, 5:14 pm, Chris Conroy <con...@google.com> wrote:
>> Please do not try to implement encryption yourself on the client side. This
>> is a fundamentally flawed idea. You will definitely not be doing anyone
>> (other than Eve) a service.
>
> Thanks for the advice, but I'll do it anyway. I have been reading and
> studying the subject a lot in the past. A proper RSA key generation +
> DH enhanced with Interlock Protocol + a good random generator will
> (overall) be a bit stronger than SSL/TLS.
>
>> SSL/TLS are secure since every OS ships with a set of certs that it trusts.
>
> Ewww, no. Not at all. That's not a good (or sufficient) reason to use
> SSL/TLS. It is more complicated than that. SSL/TLS is a good quick
> choice for those who don't know what they are doing in cryptography.
> But even then, I would always have a specialist review their work,
> because managing certificates properly is complicated. Moreover, SSL/
> TLS bears its own issues and weaknesses (MD5, some CipherSuites...)
> across versions. On top of this, not all browsers implement the latest
> version of TLS.
>

http://www.youtube.com/watch?v=wxrWz9XVvls

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.