[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Tue Aug 19 08:24:44 CDT 2008

On Tue, Aug 19, 2008 at 6:16 AM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> On 19.08.2008 at 14:20, Eric Rescorla wrote:
>> And of course, this library will be totally perfect, not need any
>> maintenance, etc.
> It's a *huge* difference if someone who doesn't have an idea about crypto
> tries to implement it using OpenSSL in some Jabber client or if they use a
> library that is ready to use, written by some people who know much about
> cryptography. It's like you tell a database programmer who never did
> anything with graphics to write a 3D engine.

You're totally missing the point.

Maintaining an entirely separate COMSEC infrastructure is a big deal,
and this isn't in any way mitigated by it having a simple top API.


