[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 03:13:11 CDT 2008


Am 18.08.2008 um 23:34 schrieb Eric Rescorla:

> (2) What protocol it's embodied in.

Well, what I don't understand: We already have ESessions. Why do we  
need another protocol now? ESessions offers nearly everything you can  
think of. It offers public keys, but you can also use secrets instead  
of public/private keys. It offers SAS, but also fingerprints. It  
allows a variety of algorithms etc.

IMO, it offers all we need. All that's missing is a cryptanalysis for  
it.

--
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/c2360840/attachment.pgp 


More information about the Security mailing list