[Sohcahtoa82]

How is a one-time pad going to fix the issues in TLS?

Honestly, it feels like you're treating "one-time pad" as a buzzword without understanding what it actually is. It's just an encryption technique. It doesn't fix the PKI problem. And your one-time pad key needs to be sent over a secure channel. How do you suppose that happens?

[mabynogy]

I'm not into crypto. Reply yourself to your own questions. You're patronizing.

If I need encryption for one of my projects, I'll try that.

[Sohcahtoa82]

You admit that you're not into crypto, yet above you tried to propose a solution to the problems with PKI, as if the people that ARE into crypto hadn't thought of it.

[mabynogy]

You show your values and you prove nothing with that sentence.

Experts are often wrong. They exist because because we don't know. When we know something we don't need experts anymore. We just know and apply our knowledge.

[Sohcahtoa82]

Keep in mind the context of this whole conversation. You suggested one-time pads as a solution to PKI and the problems of OpenSSL's large code base being added to projects that need encryption. I don't know how to put this nicely, but it just shows you really don't know what you're talking about.

Yes, sometimes experts get it wrong. Yes, non-experts can sometimes find solutions that the so-called experts couldn't find. I'm not arguing against those claims.

But suggesting one-time pads as a solution to PKI is like seeing someone on the side of the road with a flat tire and suggesting they refill their gas tank.

[mabynogy]

People have the right to criticize whatever they think is a problem. They don't need to be competent. It's just their applied freedom to think. I just mentioned my lack of interest in crypto to prevent what happened but I'm not surprised that it was useless.

IMHO most people defending HTTPs do that by loyalty because they invested so much time on that and not because they understand all the details of the crypto behind.

My message is just: "It's overcomplicated. I quickly found an alternative. I don't buy the meme".

https://en.wikipedia.org/wiki/Shooting_the_messenger

[Sohcahtoa82]

> My message is just: "It's overcomplicated. I quickly found an alternative. I don't buy the meme".

That's exactly my point though. Your proposed alternative does not solve the problem.

We didn't reject your alternative because we think you're incompetent. We didn't reject your alternative because we think HTTPS is fine.

We rejected your alternative because it DOES NOT SOLVE THE PROBLEM. AT ALL. And rather than admit that, you keep defending a point that nobody is arguing against.