[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Tue Aug 19 10:11:29 CDT 2008


Part of the problem here is that any existing protocol has benefitted
from a lot of
free cryptanalysis from people hoping to get publications out of
breaking it. But
that's a lot less likely for a new protocol which is similar to, but
not exactly the same
as an existing protocol.

-Ekr


On Tue, Aug 19, 2008 at 7:26 AM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> Jonathan Schleifer wrote:
>>
>> Am 18.08.2008 um 23:27 schrieb Peter Saint-Andre:
>>
>>> AFAICS, TLS enables us to use PGP keys (experimental, not yet supported
>>> in all TLS libraries), CA-issued certs, and self-signed certs (leap of
>>> faith). There's no SAS support in TLS yet but that might be developed down
>>> the line because, as discussed on the TLS list recently, members of the SIP
>>> community (and others) are interested in that feature.
>>
>> That still means no implementation has it, thus the advantage of being
>> able to just use one of the TLS implementations is gone. So we could as well
>> try to get a cryptanalysis for ESessions for a cheap price and use Brandan
>> Taylors implementation, for which he already offered to port it to C so
>> others can use it with nearly no afford at all.
>
> The estimates I received for completing a professional cryptanalysis for
> ESessions implied that it would cost the XSF $100k to $200k (i.e., about six
> weeks of effort at expected rates for such work). We don't have that kind of
> money and it would not be easy to raise that kind of money. And trying to
> get this done "for a cheap price" might mean that we're not getting a
> reliable cryptanalysis. Even getting this done for $50k would be a stretch
> financially and I'd be spending more time raising money than doing real
> work. I'm sure there are grants we could seek, etc., but I have not yet
> spent the time to research that in depth yet.
>
> /psa
>
>


More information about the Security mailing list