Jonathan Dickinson wrote:
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Schleifer Sent: Wednesday, August 20, 2008 7:04 PM To: [email protected] Subject: Re: [Security] TLS Certificates VerificationNone, that's why I suggested to contact Google or another premium sponsor if they could sponsor an analysis. None of the sponsors has been contacted for that yet.
It's always easy to spend other people's money, isn't it?As mentioned, the estimates I received indicated that a full cryptanalysis for ESessions would cost between $100,000 and $200,000. That's not exactly chump change.
Feel free to raise that money yourself, but until we have some kind of closure to these discussions, I am not about to approach *anyone* for money. And given that I have slowly come to see the logic of using TLS-over-XMPP, I am not enthusiastic about raising large sums of money for an ESessions cryptanalysis. And presumably anyone who might fork over $100k-$200k would do some due diligence, read these discussion threads and the relevant specs, and ask why we're not just using TLS-over-XMPP.
Good suggestion. Seeing as Google is one of the sponsors I don't see why they wouldn't.
I can think of one huge reason why they wouldn't, but I would prefer to stay away from discussions of Layer 8 and Layer 9. :)
/psa
smime.p7s
Description: S/MIME Cryptographic Signature
