User: Password:
|
|
Subscribe / Log in / New account

TLS renegotiation vulnerability

TLS renegotiation vulnerability

Posted Nov 19, 2009 22:28 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
In reply to: TLS renegotiation vulnerability by dion
Parent article: TLS renegotiation vulnerability

Greenfield cryptoalgorithms tend to be bad, yes.

But the new Plain XML Security Protocol should use existing crypto. There's no need to reinvent the wheel.

Everything other should be mercilessly killed. I.e. ASN.1, X.509, PKCS#I'd_be_damned_if_I_remember and so on.

I think it can be done. Sometimes I even think to start writing it...


(Log in to post comments)

Why not

Posted Nov 20, 2009 7:35 UTC (Fri) by man_ls (guest, #15091) [Link]

It should be fun. Unfortunately the inertia of legacy implementations is often so heavy that many new efforts are not even considered. The case that always comes to my mind is the sad story of the D programming language. It looks quite interesting, but it has failed to gain wide support. Meanwhile the namespace was miserably trampled by Sun engineers with the language used in DTrace (I guess they didn't know about the former, or the temptation to use "D" was too irresistible).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds