|
|
|
|
|
|
by Tobu
4453 days ago
|
|
|
Critical sentiments can be useful when they are of the form: “X didn't work, we moved to Y because blah blah and we did it by yada yada”. Whenever something needs fixing in TLS we always hear about the OpenSSL patch first, so it seems like the project is healthy. I think this (and some of the context around the Debian incident) points out that we should be looking at replacements focused on implementation safety (bluishcoder's ATS-based demonstration looks like the right direction), good defaults, and a simpler API (one that also doesn't give so much leeway to shoot oneself in the foot through configurability). |
|
|