Note: I can’t claim to write anything even close to this timeline about PKI!
Many of these items seem correct to include in "A comprehensive history of the most important events that shaped the SSL/TLS and PKI ecosystem”, however it feels very… inconsistent in inclusion.
Dates are given when browser implement protocol support, but not OpenSSL, NSS, etc. (Actually, nothing positive is said about OpenSSL at all.) Also no mention of Nginx, Apache or IIS and their TLS/SPDY support/features?
Brian Smith is mentioned by name working on a Rust crypto library, but no mention of DJB when discussing ChaCha20-Poly1305? (Is Ring actually used by any major projects so far?)
I suppose it's a question of balance; I am trying to include all that's relevant while at the same time keeping the list reasonably small. If I add too many items, the main ones will be lost in the noise. (I have an idea of how I could manage this, but including categories and filters in the future.)
Perhaps the inclusion of ring is a tad premature, but that's because I have very high hopes for this project. Brian is the only one taking a long-term view and doing what we're all supposed to be doing -- minimising the amount of C code we depend upon.
> (Is Ring actually used by any major projects so far?)
So, we're at the beta stage of releasing https://rustup.rs/, which is going to be the official way to download Rust in the future. It uses rusttls, which uses ring.
Many of these items seem correct to include in "A comprehensive history of the most important events that shaped the SSL/TLS and PKI ecosystem”, however it feels very… inconsistent in inclusion.
Dates are given when browser implement protocol support, but not OpenSSL, NSS, etc. (Actually, nothing positive is said about OpenSSL at all.) Also no mention of Nginx, Apache or IIS and their TLS/SPDY support/features?
Brian Smith is mentioned by name working on a Rust crypto library, but no mention of DJB when discussing ChaCha20-Poly1305? (Is Ring actually used by any major projects so far?)