@BRIAN_____ @marver but why do you keep trying to do security sw in C?
-
-
-
@tarasglek@marver Exactly. That's why I am making https://github.com/briansmith/ring , https://github.com/briansmith/webpki …, and other related stuff. -
@BRIAN_____@marver nice rhetorical plug :)
End of conversation
New conversation -
-
-
@BRIAN_____@marver interestingly, I just read@johnregehr post http://blog.regehr.org/archives/1261 would be curious if the verification abstracted this -
@frgx@BRIAN_____@marver "abstracted" isn't a good word. I would guess the buggy code is new or outside the verified part. -
@johnregehr@frgx@marver 1. Session tickets is new code 2. Session resumption was not verified 3. Verification was server side, not client - 1 more reply
New conversation -
-
-
@BRIAN_____ A security audit of C/C++ or any other memory-unsafe language code should just be considered an auto-fail at this point.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.