by FiloSottile 4450 days ago
Totally agreed on the over-complexity and un-securability of TLS, that too often is deployed where something simpler should be used instead.

However, wouldn't OpenSSH be the thing spiped replaces most of the time? And that has a better security track record (I mean, better than OpenSSL for sure).

2 comments

A lot of people are doing spiped-like things using stunnel.
Basically, for internal infrastructure, where autossh won't work and/or where something simpler than ssh is desired.

So the strawman arguments about it not replacing TLS are not the point.

stud, nginx, stunnel, F5 load balancers and Cloudflare will still be needed for now, until 'moxie0 or someone comes up with a viable CA alternative AND something way, way simpler than TLS (brain-hurt ASN1, even with Wireshark).

Oh. Sigh.

> Totally agreed on the over-complexity and un-securability of TLS, that too often is deployed where something simpler should be used instead.

What would be something simpler and less error-prone that would give the same benefits in a client-server connection?

EDIT: Spiped is one, I got it (I'm on it right now and might even use it actually on a side-project), anything else that we should know about? :-)