[Cryptography] Other obvious issues being ignored?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Oct 20 06:38:09 EDT 2015
Jerry Leichter <leichter at lrw.com> writes:
>If you step back a moment, all of these "verify the parameters the other guy
>gave you" issues require a rather funny threat analysis.
Not being vulnerable to MITM attacks doesn't seem like a funny threat analysis
to me:
https://www.secure-resumption.com/#further
>The only purpose I can see in checking the parameters handed to you is to
>help catch errors.
... or attacks.
Peter.
More information about the cryptography
mailing list