[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Wed Aug 20 09:16:54 CDT 2008


On Wed, Aug 20, 2008 at 7:12 AM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> Am 19.08.2008 um 23:22 schrieb Eric Rescorla:
>
>> And your theory is that designing a new crypto protocol, a job we
>> know from very painful experience to incredibly difficult, is somehow
>> not reinventing? Please.
>
> It already *IS* done,why E2E TLS is *NOT* done yet, so YES, that would be
> reinventing, while ESessions already HAS been invented.

If you think the current state of ESessions is "DONE", then you and I
have a very different view of what it takes for a protocol to be "DONE"

-Ekr


More information about the Security mailing list