@annevk @rcabanier @hsivonen Same is true to varying degrees against the other impls. You're conceptually exposing new OS/HW capabilities
Replying to @sleevi_
@sleevi_ @annevk @rcabanier We aren't *actually* exposing HW capabilities other than AES-NI, though, right? I.e. no arbitrary PKCS#11 tokens
Replying to @hsivonen
@hsivonen @annevk @rcabanier You're running hostile code in the same NSS privsep pool as your most trusted code. And in other browsers too
Replying to @sleevi_
@hsivonen @annevk @rcabanier Setting the bar at HTTPS is setting a minimum threshold of evilness. Any HTTP use can/will undermine.
Replying to @sleevi_
@hsivonen @annevk @rcabanier Is it perfect? No. But is there any valid use case for crypto via HTTP? Also no.
Replying to @sleevi_
@sleevi_ @annevk @rcabanier I take it that hiding data from read-only attackers doesn't count as valid for you.
Replying to @hsivonen
@hsivonen @annevk @rcabanier Not really :) Especially not when you look at the details. But generally, see https://twitter.com/sleevi_/status/509739981355491329 …
Replying to @sleevi_
@sleevi_ @annevk @rcabanier I take it you disagree with https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-00 … and http://www.ietf.org/mail-archive/web/ietf/current/msg82125.html … then?
Replying to @hsivonen
@hsivonen: Comcast is injecting JS into pages; I have trouble believing that NSA wouldn't strip HTTP-TLS headers. @sleevi_ @annevk @rcabanier
Replying to @mikewest
@mikewest @sleevi_ @annevk @rcabanier Yeah, the logic of anon DHE imposing cost doesn't work if the adversary can just strip a header.
Replying to @BRIAN_____
@BRIAN_____ @mikewest @sleevi_ @annevk @rcabanier No disagreement from me on security with http: URLs being fundamentally limited (flawed).