[Security] TLS Certificates Verification
stpeter at stpeter.im
Tue Aug 19 10:18:44 CDT 2008
Eric Rescorla wrote:
> Part of the problem here is that any existing protocol has benefitted
> from a lot of
> free cryptanalysis from people hoping to get publications out of
> breaking it. But
> that's a lot less likely for a new protocol which is similar to, but
> not exactly the same
> as an existing protocol.
Right. The incentive system of cryptanalysis publication provides a
built-in method for continual improvement. Plus you'll get a lot more
attention if you break TLS than if you break some unknown technology
that no one uses.
As always, incentives matter.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/789ae1b6/attachment-0001.bin
More information about the Security