[colug-432] crypto is not auditable for weaknesses by mere mortals who

Jeff Frontz jeff.frontz at gmail.com
Thu Jan 29 16:04:03 EST 2015


On Thu, Jan 29, 2015 at 3:33 PM, Rick Troth <rmt at casita.net> wrote:
> On 01/29/2015 03:28 PM, Jeff Frontz wrote:
>>> > The requester recently
>>> > implemented a TLS implementation for his employer
>> That would seem like something that one should never say out loud in a
>> public place (or put on a LinkedIn profile).
>
> Curious ... why? Sounds pretty cool to me. What I know of TLS/SSL that's
> something to be proud of.
>
> Don't the MatrixSSL and GnuTLS and OpenSSL authors have their names out
> there?

I was assuming the first mention was of someone doing a home-brew
implementation (i.e., a "mere mortal") vs. someone who
eats/sleeps/lives/breathes security/cryptography (which I'm assuming
the authors you mention do).

I would be careful of detailing the security implementation of my
employer's infrastructure in general, but more so if I'd rolled my
own: either gives the bad guys more information than they need to
know, but one also (potentially) says "may not be quite as robust as
those constructed by 'immortals' and reviewed by other 'immortals' and
a huge community of 'mere mortals'".

Jeff

