@bascule as you know, keeping it all app layer can be inefficient and/or less secure without tons of work
-
-
-
@raggi bro it's called "client-side encryption" and it passes@matthew_d_green's "mud puddle test" -
@bascule I feel like we just changed subjects, or I missed something -
@raggi needs another layer, bro /cc@matthew_d_green -
@bascule I thought you were talking about transports -
@raggi don't remember that, but if I was then yes let's please change the subject to where encryption *should* happen -
@bascule the puddle test is about credentials isn't it? -
@raggi it's about who sees your plaintexts
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@bascule but breaking those encapsulation boundaries is also not without cost -
@halorgium that's apalling design, it'll do to itself even unmaliciously -
@raggi yes, so many systems have races/injections purely in their design. sad times.
End of conversation
New conversation -
-
-
@bascule transcendent is appropriate - e2e layers in many telco networks have cross layer impacts despite being app layer protocolsThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.