[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Tue Aug 19 16:22:11 CDT 2008


On Tue, Aug 19, 2008 at 2:19 PM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> "Eric Rescorla" <ekr at rtfm.com> wrote:
>
>> There's something truly ironic about someone lobbying for an entirely
>> new and unanalyzed cryptographic protocol suggesting that using the
>> most widely implemented crypto protocol in the world would be
>> reinventing the wheel.
>
> There would be several changes needed as already stated on this
> list. And new XEPs would need to be created. XEPs for stuff for which
> already XEPs exist. If that's not reinventing, I don't know.

And your theory is that designing a new crypto protocol, a job we
know from very painful experience to incredibly difficult, is somehow
not reinventing? Please.

-Ekr


More information about the Security mailing list