[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Feedback for mixminion specs

To: <mixminion-dev@freehaven.net>
Subject: RE: Feedback for mixminion specs
From: "Lucky Green" <shamrock@cypherpunks.to>
Date: Tue, 25 Feb 2003 19:19:10 -0800
Delivered-to: archiver@seul.org
Delivered-to: mixminion-dev-outgoing@seul.org
Delivered-to: mixminion-dev@seul.org
Delivery-date: Tue, 25 Feb 2003 22:19:12 -0500
Importance: Normal
In-reply-to: <Pine.LNX.4.44.0302211331470.19560-100000@blackbird.lcs.mit.edu>
Reply-to: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

George wrote:
> 2) SSL/TLS
> 
> Early in the design we have decided to go for SSL/TLS instead 
> of designing 
> our own forward secure channel. Was this wise?

Extremely wise. Getting secure transport protocols to be secure is a
challenge even for the best of cryptographers and even that crowd rarely
gets it right on the first or even second try. TLS has seen years of
review - and countless failures - before getting into the state in which
it is today: trusted more than other such protocols, though a far cry
from being fully trusted. Which is why the best cryptographers will
typically give application authors the following advice: unless there is
a sound reason why TLS does not meet your requirements (please explain
in exhaustive detail), don't give in to the temptation of designing your
own transport security protocol. Or if you design it, resist the
temptation to deploy it. :)

Just my $0.02,
--Lucky

References:
- Feedback for mixminion specs
  - From: George Danezis <gd@theory.lcs.mit.edu>

Prev by Date: Re: Nick out of touch
Next by Date: More thoughts on From: lines
Previous by thread: Feedback for mixminion specs
Next by thread: Re: Feedback for mixminion specs
Index(es):
- Date
- Thread