💾 Archived View for rawtext.club › ~sloum › geminilist › 006036.gmi captured on 2024-02-05 at 11:04:18. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Stephane Bortzmeyer stephane at sources.org
Wed Mar 10 08:39:56 GMT 2021
- - - - - - - - - - - - - - - - - - -
On Tue, Mar 09, 2021 at 07:36:37PM +0100, nothien at uber.space <nothien at uber.space> wrote a message of 41 lines which said:
I've been collecting ideas for a new transport security protocol. I
know ~spc's stance on crypto ("get it approved by the crypto
community, make an implementation, then we'll talk"), and I'm not
saying we should switch to a magic protocol that doesn't exist; but
that we should at least consider making a wishlist of sorts of all
the things that we would want out of a "good" transport security
protocol (if you have any such ideas, please share them with me).
There are two kinds of people who design security protocols: geniuses(who don't need my advice) and people who overstimate their abilities.
Seriously, designing a secure transport protocol is *hard*. I repeat,HARD. There are are many traps. One of the most important is thatfailures are not obvious. If you create a program to display images,anyone, even not an expert, can see if the program works or not. Ifyou create a security protocol, even experts may not be able to tellimmediately that there is a vulnerability.
And I don't even mention implementation, which adds its own risks.