[Security] TLS Certificates Verification

Remko Tronçon remko at el-tramo.be
Wed Aug 20 09:24:05 CDT 2008


> It already *IS* done, why E2E TLS is *NOT* done yet, so YES, that would be
> reinventing, while ESessions already HAS been invented.

ESessions has recently been invented by people who are not security
experts, so it's equivalent to 'a new crypto protocol', which is
doomed to have problems (as EKR mentions). I don't think one
implementation and one user of a security protocol justifies that it
is a mature and secure standard. Upgrading a well-established secure
standard to a new use case sounds slightly more fail-safe than
creating a new one from the ground up.

cheers,
Remko


More information about the Security mailing list