I'll start! "Colm, WHAT'S THE WORST PART OF TLS?". Answer: X.509, hands down, game over. Certificates use a crazy format called X509, which is just a set of rules built on top of an ancient encoding called ASN.1 DER.
You'd think it'd be pretty simple to parse a certificate, especially since it's security critical, RIGHT? WRONG! OpenSSL uses about as many lines of code to parse ASN.1 and X.509 as the Apollo moon landing guidance system.
So of course there have been lots of X509 parsing security issues. Hell, even security issues that were introduced just by fixing other security issues. And we're all still using it! *sigh*
What are your opinions on the current state of DNSSEC? It seems to me that it is WAY underemphasized in importance.
Sure, let me find my notes. Here they are ... DO NOT USE DNSSEC. DNSSEC DOESN'T WORK. DNSSEC CAUSES OUTAGES. DNSSEC MAKES DDOSES WORSE. DO NOT USE DNSSEC.
Vi or emacs?
I use vim. Help Uganda!
do you think we’ll see *client* software give users control to disable 0-rtt?