Security Portal: Internationally Available Strong Crypto Products, Part IIISep 20, 1999, 14:08 (0 Talkback[s])
"This is the third part in a series of three articles devoted to Persons needing strong crypto Internationally. Part three focuses on Development Environments and Secure Web Services."
"Be careful when choosing libraries, quality of implementations differ. In particular the quality of random number generation, obfuscation of clear-text in memory and even clean algorithms varies greatly. Access to full sources makes debugging and verification easier..."
"Secured web services are based on the use of standard application protocols over SSL. Netscape's secure socket layer is a "plug-in" socket layer (port 443 for HTTP) offering client & server authentication, integrity checking, compression and encryption. It is currently an Internet draft (not yet approved). It is designed to fit on the transport layer in the TCP/IP stack (like Berkeley sockets), but below applications (such as telnet, ftp, HTTP). SSL was introduced in July 1994."