[Security] TLS Certificates Verification
stpeter at stpeter.im
Wed Aug 20 12:18:47 CDT 2008
Jonathan Dickinson wrote:
>> -----Original Message-----
>> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
>> Behalf Of Jonathan Schleifer
>> Sent: Wednesday, August 20, 2008 7:04 PM
>> To: security at xmpp.org
>> Subject: Re: [Security] TLS Certificates Verification
>> None, that's why I suggested to contact Google or another premium
>> sponsor if they could sponsor an analysis. None of the sponsors has
>> been contacted for that yet.
It's always easy to spend other people's money, isn't it?
As mentioned, the estimates I received indicated that a full
cryptanalysis for ESessions would cost between $100,000 and $200,000.
That's not exactly chump change.
Feel free to raise that money yourself, but until we have some kind of
closure to these discussions, I am not about to approach *anyone* for
money. And given that I have slowly come to see the logic of using
TLS-over-XMPP, I am not enthusiastic about raising large sums of money
for an ESessions cryptanalysis. And presumably anyone who might fork
over $100k-$200k would do some due diligence, read these discussion
threads and the relevant specs, and ask why we're not just using
> Good suggestion. Seeing as Google is one of the sponsors I don't see why they wouldn't.
I can think of one huge reason why they wouldn't, but I would prefer to
stay away from discussions of Layer 8 and Layer 9. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080820/28201bc4/attachment-0001.bin
More information about the Security