@kurtseifried I can't find any comparisons for QUIC implementations as exhaustive as there are for TLS. I saw this new effort recently that is trying to provide something, but is still lacking: quic-explorer.net/
PHK said if he was the NSA and wanted to undermine encryption on the Internet, an easy way would be to contribute patches with misleading docs, obfuscated code, and deceptive/insecure defaults to create OpenSSL's API.
The talk is tongue-in-cheek. It makes semi-plausible observations about how incessant bikeshedders, defeatist arguments, patches that bolt on ad-hoc features neglecting docs and overall architecture, etc. are close to what the NSA could be doing to undermine projects, and have perfect deniability. It was especially relevant at the time of the Snowden leaks and Heartbleed.
@kornel I know. I actually saw his talk live at FOSDEM. I was only reacting to the notion that it would be easy to do any of it. Because I don't think so.
And force people to use centralized SSL authentication certs and DNS systems. And nag people to death about self-signed certs and cookies. And centralize access to webmail. And #EEE (#enshittify) most popular apps for encrypted communication. Anticipated all this a decade before Doctorow coined the word #Enshittification @kornel
And he even anticipates the cover stories and plausible deniability that we see in the vulnerability and breach reports almost weekly now. He budgeted $1B for his ORCHESTRATION (#enshittification) thought experiment. The US MIC budget for this task is much much higher. @kornel
I do not believe Tim's response "we have support, they don't want to go public" based on what I've heard from people who are/were part of the OpenSSL org and what they were told.
@rsalz no one believes that. I mean sure, one person gave them thumbs up in a private email but dozens or more have expressed their disappointments in public. They just decide to listen to the minority that says what they want to hear.
SpaceLifeForm
in reply to daniel:// stenberg://
Well said.
Is LibreSSL alive and functioning?
Kornel
in reply to daniel:// stenberg://
youtu.be/fwcl17Q0bpk?t=1690
NSA operation ORCHESTRA: Annual Status Report (YouTube)
rsalz
in reply to rsalz
My post is at lwn.net/Articles/983411/
Will not change anything [LWN.net]
lwn.net
Maximilian Hils
in reply to daniel:// stenberg://
Will not^W change anything^Weverything [LWN.net]
lwn.net
daniel:// stenberg://
in reply to Ondřej Surý
@ondrej @icing "By aligning our roadmap with the community’s needs, we aim to deliver more timely and effective solutions."
my corporate lingo meter went all the way up to red