by kelnos 5455 days ago
I think benblack's argument is that Adam can recommend disabling DHE because he knows what it is and what it does and can make an informed decision about whether or not your average SSL-enabled site needs it.

Matt simply says "I messed with my settings and leaving this one out makes it faster", without knowing whether or not turning DHE off is safe (or if he does know, clearly he's making it seem like he doesn't). The fact that it is safe -- in this instance -- isn't particularly relevant. The point is that someone who doesn't understand the security implications of something is making a recommendation about security, just cloaked in a recommendation about performance.

Anyway, I don't know any of the people we're talking about here, just trying to help clear up what I believe benblack was trying to say :)


Right is right. Wrong is wrong. Pants aren't shirts. It's clear Ben doesn't think Matt is qualified to write the post. But he should have holstered the impulse to gripe about it until Matt wrote something wrong.
Well, Matt did write something wrong. The original post about nginx "sucking" at SSL was wrong. Maybe it sucks for SSL in its default configuration (is that even the case, or was Matt's config copy/pasted from elsewhere?), but saying it sucks in general is incorrect and link-bait'y. You can presumably configure other web servers to suck just as much at SSL by enabling DHE ciphers and providing DH params.
We're commenting on this blog post. As was Ben, who didn't comment on the previous post, but did single this one out here and, as I recall, on Twitter.
It sounds like you're implying that when someone posts something on the internet, when you're evaluating the usefulness of that information, you should ignore anything else they wrote previously. Frankly I don't care all that much about Ben's motivations behind calling out the author here, but I read both blog posts as they came out, and the lack of attention to detail in the first post definitely affected my opinion of the second post. I don't think a lack of participation in the first HN discussion means you're disqualified from participating in the second one using information from the first.