argh, is there a chart of QUIC support? The Wikipedia page only covers TLS 1.3 and seems to assume everyone did QUIC:
“TLS 1.3 (2018) specified in RFC 8446 includes major optimizations and security improvements. QUIC (2021) specified in RFC 9000 and DTLS 1.3 (2022) specified in RFC 9147 builds on TLS 1.3. The publishing of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2.”
@kurtseifried I can't find any as exhaustive comparisons for QUIC implementations as there are for TLS. I saw this new effort recently that is trying to provide something, but is still lacking: quic-explorer.net/
PHK said if he was the NSA and wanted to undermine encryption on the Internet, an easy way would be to contribute patches with misleading docs, obfuscated code, and deceptive/insecure defaults to create the OpenSSL's API.
the talk is a tongue in cheek. It makes semi-plausible observations how incessant bikeshedders, defeatist arguments, patches that bolt on ad-hoc features neglecting docs and overall architecture, etc. are close to what NSA could be doing to undermine projects, and have perfect deniability. It was especially relevant at the time of Snowden leaks and Heartbleed.
@kornel I know. I actually saw his talk live at fosdem. I was only reacting on the notion that it would be easy to do any of it. Because I don't think so.
And force people to use centralized SSL authentication certs and DNS systems. And nag people to death about self-signed certs and cookies. And centralize access to webmail. And #EEE (#enshittify) most popular apps for encrypted communication. Anticipated all this a decade before Docororow coined the word #Enshittification @kornel
And he even anticipates the cover stories and plausible deniability that we see in the vulnerability and breach reports almost weekly now. He budgeted $1B for his ORCHESTRATION (#enshittification) thought experiment. The US MIC budget for this task is much much higher. @kornel
I do not believe Tim's response "we have support, they don't want to go public" based on what I've heard from people who are/were part of the OpenSSL org and what they were told.
@rsalz no one believes that. I mean sure, one person gave them thumbs up in a private email but dozens or more have expressed their disappointments in public. They just decide to listen to the minority that says what they want to hear.
From my perspective, I could handle an open source project that makes decisions I disagree with if it’s a grassroot thing and people are genuine. And perhaps they can’t do it because there’s not enough time.
And I’m pretty sure people have disagreed with me before on my decision I make for BIND 9 project. (1/2)
But this corporate bullshit, I don’t believe a word that has been said. If there was a MPL 2.0 compatible library with PKCS#11 support with good performance I would probably be working on migration as we speak. And I didn’t even know about the performance problems between 1.1.1 and 3.0.0 that haproxy maintainer mentioned. Although we had to dance around the EVP SHA1 being horribly slow compared to the old API. (2/2)
daniel:// stenberg://
Unknown parent • • •kurtseifried (he/him)
in reply to daniel:// stenberg:// • • •argh, is there a chart of QUIC support? The Wikipedia page only covers TLS 1.3 and seems to assume everyone did QUIC:
“TLS 1.3 (2018) specified in RFC 8446 includes major optimizations and security improvements. QUIC (2021) specified in RFC 9000 and DTLS 1.3 (2022) specified in RFC 9147 builds on TLS 1.3. The publishing of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2.”
en.m.wikipedia.org/wiki/Compar…
Wikimedia list article
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)daniel:// stenberg://
in reply to kurtseifried (he/him) • • •QUIC Explorer
quic-explorer.netSpaceLifeForm
in reply to daniel:// stenberg:// • • •Well said.
Is LibreSSL alive and functioning?
daniel:// stenberg://
in reply to SpaceLifeForm • • •Kornel
in reply to daniel:// stenberg:// • • •PHK said if he was the NSA and wanted to undermine encryption on the Internet, an easy way would be to contribute patches with misleading docs, obfuscated code, and deceptive/insecure defaults to create the OpenSSL's API.
youtu.be/fwcl17Q0bpk?t=1690
NSA operation ORCHESTRA: Annual Status Report
YouTubedaniel:// stenberg://
in reply to Kornel • • •Kornel
in reply to daniel:// stenberg:// • • •It was especially relevant at the time of Snowden leaks and Heartbleed.
daniel:// stenberg://
in reply to Kornel • • •Hobson Lane
in reply to daniel:// stenberg:// • • •And nag people to death about self-signed certs and cookies.
And centralize access to webmail.
And #EEE (#enshittify) most popular apps for encrypted communication.
Anticipated all this a decade before Docororow coined the word #Enshittification
@kornel
Hobson Lane
in reply to daniel:// stenberg:// • • •He budgeted $1B for his ORCHESTRATION (#enshittification) thought experiment. The US MIC budget for this task is much much higher.
@kornel
rsalz
in reply to daniel:// stenberg:// • • •rsalz
in reply to rsalz • • •My post is at lwn.net/Articles/983411/
I do not believe Tim's response "we have support, they don't want to go public" based on what I've heard from people who are/were part of the OpenSSL org and what they were told.
Will not change anything [LWN.net]
lwn.netdaniel:// stenberg://
in reply to rsalz • • •lena
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to lena • • •Maximilian Hils
in reply to daniel:// stenberg:// • • •Will not^W change anything^Weverything [LWN.net]
lwn.netStefan Eissing
in reply to Maximilian Hils • • •Ondřej Surý
in reply to Stefan Eissing • • •daniel:// stenberg://
in reply to Ondřej Surý • • •@ondrej @icing "By aligning our roadmap with the community’s needs, we aim to deliver more timely and effective solutions."
my corporate lingo meter went all the way up to red
Ondřej Surý
in reply to daniel:// stenberg:// • • •@icing Exactly. 🤮
From my perspective, I could handle an open source project that makes decisions I disagree with if it’s a grassroot thing and people are genuine. And perhaps they can’t do it because there’s not enough time.
And I’m pretty sure people have disagreed with me before on my decision I make for BIND 9 project. (1/2)
Ondřej Surý
in reply to Ondřej Surý • • •uis
in reply to daniel:// stenberg:// • • •chebra
in reply to daniel:// stenberg:// • • •