Ah jesus christ why do we have to have the same conversation every other day on here
To E2E encrypt DMs, you will likely have to abandon support for DMs in the web clients.
@colmmacc I'm talking about upstreaming the idea to IEEE for consideration in the POSIX standard.
Linux has already moved the record layer to the Kernel (lwn.net/Articles/66650…). Restricting this to TLS 1.3's simpler state machine might reduce the risk somewhat, but I agree it's iffy.
The Secure Socket API: TLS as an Operating System Service.
It took 317 lines of code to download something securely with OpenSSL APIs. The authors propose replacing this with a POSIX socket style API for TLS. #usesec18usenix.org/conference/use…
Haven’t thought this through. But using your private for anything but key operations (signing) makes my hair in the neck stand up. Why on earth is this a good strategy?
datatracker.ietf.org/doc/draft-crem…
@rootlabs@grittygrease@Kryptoblog@BerndPaysan@brouhaha That'd work, too. Though, since the signature must not be exposed and is ultimately fed through a PRF, risk here "seems small." I'm happy to chat about this more.
@grittygrease@Kryptoblog@BerndPaysan@brouhaha I don’t like that the tag is up to the implementation to generate. You end up signing arbitrary data, where the signature could be reused elsewhere. Better to derive a key via a KDF and a unique but exact tag specified in the standard.