Part of the problem here is that any existing protocol has benefitted from a lot of free cryptanalysis from people hoping to get publications out of breaking it. But that's a lot less likely for a new protocol which is similar to, but not exactly the same as an existing protocol.
-Ekr On Tue, Aug 19, 2008 at 7:26 AM, Peter Saint-Andre <[EMAIL PROTECTED]> wrote: > Jonathan Schleifer wrote: >> >> Am 18.08.2008 um 23:27 schrieb Peter Saint-Andre: >> >>> AFAICS, TLS enables us to use PGP keys (experimental, not yet supported >>> in all TLS libraries), CA-issued certs, and self-signed certs (leap of >>> faith). There's no SAS support in TLS yet but that might be developed down >>> the line because, as discussed on the TLS list recently, members of the SIP >>> community (and others) are interested in that feature. >> >> That still means no implementation has it, thus the advantage of being >> able to just use one of the TLS implementations is gone. So we could as well >> try to get a cryptanalysis for ESessions for a cheap price and use Brandan >> Taylors implementation, for which he already offered to port it to C so >> others can use it with nearly no afford at all. > > The estimates I received for completing a professional cryptanalysis for > ESessions implied that it would cost the XSF $100k to $200k (i.e., about six > weeks of effort at expected rates for such work). We don't have that kind of > money and it would not be easy to raise that kind of money. And trying to > get this done "for a cheap price" might mean that we're not getting a > reliable cryptanalysis. Even getting this done for $50k would be a stretch > financially and I'd be spending more time raising money than doing real > work. I'm sure there are grants we could seek, etc., but I have not yet > spent the time to research that in depth yet. > > /psa > >
