I wrote a long post about the Efail disclosure to stop myself from tweeting about it anymore. Also it says mean things about PGP which I will regret for months.https://blog.cryptographyengineering.com/2018/05/17/was-the-efail-disclosure-horribly-screwed-up/ …
-
We heard a lot of people saying "OpenSSL should be replaced" when Heartbleed was disclosed. Same thing happens here with GPG. Fact is lots of projects still use OpenSSL. Same might happen with GPG. As usual, lots of people complain, not a lot of people propose alternatives/fixes.
The difference is TLS is a much better place as a standard and has multiple popular implementations (and new ones are being written to address the problems), while PGP is basically a GPG monoculture. It's a much smaller community.
-
-
OpenSSL went through a leadership change and several major rewrites. Some of that was funding, some was attention. Also, Google and OpenBSD *each* forked their own TLS versions. And Amazon wrote their own too. The outcome of Heartbleed was a reckoning — followed by improvement.
-
I still think the ratio (people actually doing something)/(people doing nothing but criticizing) is really low
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.