On Fri, Feb 12, 2010 at 03:12:30PM +0300, Basil Dolmatov wrote: > ...have had much less _published_ cryptographic review... I would say. ;) I am not a security expert, but I've never met one who thought that unpublished cryptographic review was worth a dime. Moreover, for the purposes of the IETF, if something isn't published it might as well not exist: we have no way of knowing one way or the other. If you mean "published to a limited and vetted community of NDA-covered experts", that might yield different conclusions about the value of the review (depending I guess on how free those experts think they are to disagree). But it would have no effect on the value of those reviews for IETF purposes, which just depends on the publication (and, actually, publication in a language the community can understand). I have no feelings about the merits of the algorithm. But there are too many side issues in this discussion already without us getting into a battle of whether the review is adequate: the reviews aren't apparently available as far as this community is concerned, unfortunately, even if they've been done A -- Andrew Sullivan ajs@xxxxxxxxxxxx Shinkuro, Inc. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf