The cr.yp.to microblog: 2013.02.20 02:14:33

2013.02.20 02:14:33 (304036282227621892) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (301339727733338113):

@matthew_d_green This "untrusted servers" obsession is _not_ the worst part of HTTPSEC. The talk explicitly pinpoints the worst part.

Context

2013.02.08 17:13:58 (299913976282771456) from Daniel J. Bernstein:

You think HTTPS has problems? The HTTPSEC proposal is much, much, much worse. http://cr.yp.to/talks/2013.02.07/slides.pdf includes some analysis of HTTPSEC.

2013.02.12 15:39:24 (301339727733338113) from "Matthew Green (@matthew_d_green)":

@hashbreaker Your argument (at the end) is that we've solved the link-level security problem -- ergo this is the only problem.