> It already *IS* done, why E2E TLS is *NOT* done yet, so YES, that would be
> reinventing, while ESessions already HAS been invented.

ESessions has recently been invented by people who are not security experts, so it's equivalent to 'a new crypto protocol', which is doomed to have problems (as EKR mentions). I don't think one implementation and one user of a security protocol justifies that it is a mature and secure standard. Upgrading a well-established secure standard to a new use case sounds slightly more fail-safe than creating a new one from the ground up.

cheers,
Remko
