On Wed, 23 Apr 2014 06:13:03 -0700, David McClain wrote: >> . The design is just plain wrong. > > Is that statement the benefit of hindsight knowledge, or do you have a > more intelligent thought process behind it? (I can imagine the > all-knowing smirk in the background, but I'd really like to know :-)
The exact opposite of all-knowing ;). In my opinion the TLS standard is too complex. Parts of it like the keep-alive, which is also a path MTU checking *framework*, as criticized by me (and further down discussed with Pascal). Many security professionals have criticized the TLS committee for their standards. As a side note: OpenSSL has roughly 500k lines of code, I don't think its feasible to assure security on a code base of this magnitude. If I imagine to implement a security protocol, e.g. "this code should be kept short and really really safe", and be confronted with e.g. the Heartbeat extension, I imagine despair. So my conclusion is, a widely used security standard should be engineered well enough to be possible to implement correctly, even in a 4 digit ANSI C code base. _______________________________________________ pro mailing list pro@common-lisp.net http://common-lisp.net/cgi-bin/mailman/listinfo/pro
