On 3 Jan 2016, at 14:12, Jesse V <kernelcorn@riseup.net> wrote:

> On 01/02/2016 05:42 PM, Tim Wilson-Brown - teor wrote:
>> And if we can't use the reference implementation, we have some decent
>> programmers…
>> (On the other hand, if there's no reference implementation, then that
>> makes it hard to recommend that particular crypto scheme.)
>
> That sounds pretty close to a "roll your own crypto" idea, which as I'm
> sure you know is almost always a poor idea. Classical algorithms like
> RSA and Diffie-Hellman are ~40 years old but they have many
> side-channels and are still hard to implement correctly. There are so
> many subtleties with ECDHE and ECDSA, with the notable exception of the
> safer *25519 cryptosystems from djb. Post-quantum cryptography is over
> my head, but considering the pattern and the newness of the field I
> wouldn't trust any implementation unless it was written or at least
> vetted by the authors of the respective post-quantum crypto system.

Point taken. It was a bit of a throwaway line, rather than a serious suggestion.
tor currently uses external crypto implementations rather than writing our own.

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F