"Additional leading sources of information have been compiled here to download and review at your leisure"
"In recent months, with the rise of a new business model for SSL Certificate issuance, some CAs now issue lower-assurance server certificates without authenticating the subscriber…As a result, consumer confidence in the security of electronic commerce may be at risk"
"The attacker would likely select an e-commerce site that users would be likely to trust, set up a web site that purported to be the legitimate e-commerce site, then create a bogus SSL server certificate bolstering that claim. If a user visited the attacker's site, the certificate would allow it to set up a valid SSL session, "confirming" that it was indeed the legitimate e-commerce site. The user might then choose to provide sensitive information such as credit card numbers to the attacker's site."
"Server Gated Cryptography (SGC) is a mechanism that permitted Web browsing software to use strong (128-bit) SSL encryption. Typically, SGC is included with products that were released before the lifting of export controls on strong encryption."
"The first public version of SSL, version 2, suffered from a number of security flaws, which have been fixed in SSLv3"
"The most recent version of the Internet Draft dated November 1996, may be viewed here. It is an ASCII document"
"Low Assurance SSL Certificates with no entity authentication DO NOT deliver confidentiality or integrity. Why is this? Because confidentiality and integrity are the result of being able to encrypt and encryption requires authentication"