User: Password:
|
|
Subscribe / Log in / New account

TLS renegotiation vulnerability

TLS renegotiation vulnerability

Posted Nov 19, 2009 16:16 UTC (Thu) by dion (guest, #2764)
In reply to: TLS renegotiation vulnerability by Cyberax
Parent article: TLS renegotiation vulnerability

You know, I think you're right!

However, the trouble with reimplementing a security is that security is hard, so hard that people who do go greenfield then tend to implement horrible, nasty, disastrous things like the java keystore and the java keytool.

Granted, the jks might be an unfair example as thats where SUN seems to put their dimmest interns.

I wonder if it's at all possible to get both high quality crypto code and well-designed protocols and APIs out of the same brains.


(Log in to post comments)

TLS renegotiation vulnerability

Posted Nov 19, 2009 17:11 UTC (Thu) by nye (guest, #51576) [Link]

>I wonder if it's at all possible to get both high quality crypto code and well-designed protocols and APIs out of the same brains.

If only we could get funding for a research project to find out!

TLS renegotiation vulnerability

Posted Nov 19, 2009 22:28 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Greenfield cryptoalgorithms tend to be bad, yes.

But the new Plain XML Security Protocol should use existing crypto. There's no need to reinvent the wheel.

Everything other should be mercilessly killed. I.e. ASN.1, X.509, PKCS#I'd_be_damned_if_I_remember and so on.

I think it can be done. Sometimes I even think to start writing it...

Why not

Posted Nov 20, 2009 7:35 UTC (Fri) by man_ls (guest, #15091) [Link]

It should be fun. Unfortunately the inertia of legacy implementations is often so heavy that many new efforts are not even considered. The case that always comes to my mind is the sad story of the D programming language. It looks quite interesting, but it has failed to gain wide support. Meanwhile the namespace was miserably trampled by Sun engineers with the language used in DTrace (I guess they didn't know about the former, or the temptation to use "D" was too irresistible).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds