[Cryptography] Other obvious issues being ignored?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Oct 20 06:38:09 EDT 2015


Jerry Leichter <leichter at lrw.com> writes:

>If you step back a moment, all of these "verify the parameters the other guy
>gave you" issues require a rather funny threat analysis.

Not being vulnerable to MITM attacks doesn't seem like a funny threat analysis
to me:

https://www.secure-resumption.com/#further

>The only purpose I can see in checking the parameters handed to you is to
>help catch errors.

... or attacks.

Peter.


More information about the cryptography mailing list