
We're in the middle of a 4-year streak of findings stemming from archaic 1990s constructions embedded in TLS, from BEAST to CRIME to Lucky 13 to RC4 to POODLE.

It is unconscionable that the IETF would consider deploying a protocol whose modal deployment configuration will be PKCS1v15 RSA.

The I-Ds with ECC options don't matter, any more than they mattered for the last 5 years with TLS 1.2. The protocol isn't even fucking deployed yet --- what we have today are pilot deployments. How could they possibly be fielding PKCS1v15 RSA in 2014?



