Skip to content
  • Home Home Home, current page.
  • Moments Moments Moments, current page.

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @
  • Language: English
    • Bahasa Indonesia
    • Bahasa Melayu
    • Català
    • Čeština
    • Dansk
    • Deutsch
    • English UK
    • Español
    • Filipino
    • Français
    • Hrvatski
    • Italiano
    • Magyar
    • Nederlands
    • Norsk
    • Polski
    • Português
    • Română
    • Slovenčina
    • Suomi
    • Svenska
    • Tiếng Việt
    • Türkçe
    • Ελληνικά
    • Български език
    • Русский
    • Српски
    • Українська мова
    • עִבְרִית
    • العربية
    • فارسی
    • मराठी
    • हिन्दी
    • বাংলা
    • ગુજરાતી
    • தமிழ்
    • ಕನ್ನಡ
    • ภาษาไทย
    • 한국어
    • 日本語
    • 简体中文
    • 繁體中文
  • Have an account? Log in
    Have an account?
    · Forgot password?

    New to Twitter?
    Sign up
BRIAN_____'s profile
Brian Smith
Brian Smith
Brian Smith
@BRIAN_____

Tweets

Brian Smith

@BRIAN_____

Code farmer. Security, crypto, performance, networking, usability. Rust, C++, C, Haskell, DSLs, etc. *ring*, webpki, crypto-bench, mozilla::pkix.

Honolulu & San Francisco
briansmith.org
Joined April 2008

Tweets

  • © 2018 Twitter
  • About
  • Help Center
  • Terms
  • Privacy policy
  • Cookies
  • Ads info
Dismiss
Previous
Next

Go to a person's profile

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @

Promote this Tweet

Block

  • Tweet with a location

    You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more

    Your lists

    Create a new list


    Under 100 characters, optional

    Privacy

    Copy link to Tweet

    Embed this Tweet

    Embed this Video

    Add this Tweet to your website by copying the code below. Learn more

    Add this video to your website by copying the code below. Learn more

    Hmm, there was a problem reaching the server.

    By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.

    Preview

    Why you're seeing this ad

    Log in to Twitter

    · Forgot password?
    Don't have an account? Sign up »

    Sign up for Twitter

    Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

    Sign up
    Have an account? Log in »

    Two-way (sending and receiving) short codes:

    Country Code For customers of
    United States 40404 (any)
    Canada 21212 (any)
    United Kingdom 86444 Vodafone, Orange, 3, O2
    Brazil 40404 Nextel, TIM
    Haiti 40404 Digicel, Voila
    Ireland 51210 Vodafone, O2
    India 53000 Bharti Airtel, Videocon, Reliance
    Indonesia 89887 AXIS, 3, Telkomsel, Indosat, XL Axiata
    Italy 4880804 Wind
    3424486444 Vodafone
    » See SMS short codes for other countries

    Confirmation

     

    Welcome home!

    This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.

    Tweets not working for you?

    Hover over the profile pic and click the Following button to unfollow any account.

    Say a lot with a little

    When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.

    Spread the word

    The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.

    Join the conversation

    Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.

    Learn the latest

    Get instant insight into what people are talking about now.

    Get more of what you love

    Follow more accounts to get instant updates about topics you care about.

    Find what's happening

    See the latest conversations about any topic instantly.

    Never miss a Moment

    Catch up instantly on the best stories happening as they unfold.

    1. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
      Replying to @CodingExon

      @CodingExon I expect to make Chrome behave similar to FF in a few weeks, provided I bring Karma (dog in pic) in to appease @__apf__

      1 reply 0 retweets 2 likes
    2. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
      Replying to @sleevi_

      @CodingExon @__apf__ Although that would take an extra 12-16 weeks to roll out to stable. But it's the right thing to do.

      1 reply 0 retweets 0 likes
    3. Daniel Holbert‏ @CodingExon 5 Jan 2016
      Replying to @sleevi_

      @sleevi_ Nice! FYI, we're reverting the sha1 deprecation for the moment (https://bugzilla.mozilla.org/show_bug.cgi?id=1236975 … ) so we can see how bad the MITM problem is

      2 replies 7 retweets 3 likes
    4. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
      Replying to @CodingExon

      @CodingExon The first mover problem strikes again! Note that our first phase of SHA-1 deprecation (up until the 2017 cliff) is only for PTCs

      2 replies 2 retweets 0 likes
    5. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
      Replying to @sleevi_

      @CodingExon That is, MITM software is exempted. Pros and cons of that, but certainly helps users. Could consider it... // @BRIAN_____

      1 reply 1 retweet 0 likes
    6. Brian Smith‏ @BRIAN_____ 5 Jan 2016
      Replying to @sleevi_

      @sleevi_ @CodingExon I was wondering about that when I read the code last week.

      1 reply 0 retweets 0 likes
    7. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
      Replying to @BRIAN_____

      @BRIAN_____ @CodingExon Same basic philosophy as HPKP bypass, with serious pain learned from MD5 deprecation. Not ideal, but seems necessary

      2 replies 0 retweets 1 like
    8. Brian Smith‏ @BRIAN_____ 5 Jan 2016
      Replying to @sleevi_

      @sleevi_ @CodingExon OTOH, that would mean that if you trust any non-built-in cert, you have nearly zero protection from collision attacks.

      2 replies 0 retweets 0 likes
    9. Brian Smith‏ @BRIAN_____ 5 Jan 2016
      Replying to @BRIAN_____

      @sleevi_ @CodingExon I'm probably overstating that for the general case. But, it's probably true for many "I'll sign anything" MitM proxies.

      2 replies 0 retweets 0 likes
    10. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
      Replying to @BRIAN_____

      @BRIAN_____ @CodingExon @ttaubert @rlbarnes I'm increasingly getting convinced that trying to stop dumb (AV/intercept) is pointless :(

      2 replies 1 retweet 3 likes
      Brian Smith‏ @BRIAN_____ 5 Jan 2016
      Replying to @sleevi_

      @sleevi_ @CodingExon @ttaubert Personally, I think Firefox should just not even bother w/ workarounds. Give expensive users to Chrome & IE.

      4:32 PM - 5 Jan 2016
      • 2 Likes
      • Vincent Lynch Daniel Holbert
      3 replies 0 retweets 2 likes
        1. Daniel Holbert‏ @CodingExon 5 Jan 2016
          Replying to @BRIAN_____

          @BRIAN_____ @sleevi_ @ttaubert Interesting point (CC @rlbarnes). We should see how many users we're talking about, but I probably agree.

          0 replies 0 retweets 0 likes
          Thanks. Twitter will use this to make your timeline better. Undo
          Undo
        1. New conversation
        2. Brian Smith‏ @BRIAN_____ 5 Jan 2016
          Replying to @BRIAN_____

          @sleevi_ @CodingExon @ttaubert That's basically what we did with client certificates.

          1 reply 0 retweets 3 likes
        3. Yuhong Bao‏ @yuhong2 5 Jan 2016
          Replying to @BRIAN_____

          @BRIAN_____ @sleevi_ @CodingExon @ttaubert You are talking about insecure renegotiation, right?

          1 reply 0 retweets 0 likes
        4. Brian Smith‏ @BRIAN_____ 5 Jan 2016
          Replying to @yuhong2

          @yuhong2 @sleevi_ @CodingExon @ttaubert No, just the fact that nobody ever touches the client cert code in Gecko.

          0 replies 0 retweets 0 likes
        5. End of conversation
        1. New conversation
        2. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
          Replying to @BRIAN_____

          @BRIAN_____ @CodingExon @ttaubert I wouldn't quite phrase it like that, but yes, I think Chrome & FF should focus on... core user bases?

          1 reply 0 retweets 0 likes
        3. Ryan Sleevi‏ @sleevi_ 5 Jan 2016
          Replying to @sleevi_

          .@BRIAN_____ @CodingExon @ttaubert I'm perfectly happy to say Chrome isn't the right browser for (batshit insane use case X). No sleep lost.

          0 replies 1 retweet 4 likes
        4. End of conversation

      Loading seems to be taking a while.

      Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

        Promoted Tweet

        false

        • © 2018 Twitter
        • About
        • Help Center
        • Terms
        • Privacy policy
        • Cookies
        • Ads info