Hacker News
by a-no-n 3559 days ago
A simpler, focused protocol framework and reference implementation with only necessary, useful options... something like that needs actual security people, users in embedded, enterprise, client/server apps would need to agree on it without falling into the trap of being hijacked by special interests, vague edge cases and feature creep. The issue would be that it's yet another/different standard, and TLS has most of the de facto "market share." That aside, OpenSSL and TLS are terrible because they're so poorly managed, poorly tested, poorly validated, arbitrarily featured and unplanned.

If SSL/TLS is a kitchen sink, OpenSSL is Home Depot.