The cr.yp.to microblog: 2013.05.23 17:26:39

2013.05.23 17:26:39 (337590406097276928) from Daniel J. Bernstein, replying to "Bram Cohen🌱 (@bramcohen)" (337579754045726721):

Many real-world VPNs have exactly this security feature. It's just a historical accident that HTTPS gets the layering wrong. @bramcohen

Context

2013.05.23 03:36:45 (337381553170698240) from Daniel J. Bernstein:

New MinimaLT protocol spearheaded by Mike Petullo: faster than TCP, higher security than TLS. http://cr.yp.to/tcpip/minimalt-20130522.pdf We helped w/the crypto.

2013.05.23 04:30:07 (337394983281766400) from "Bram Cohen🌱 (@bramcohen)":

@hashbreaker I thought the argument that security should be provided at a higher layer of abstraction already won a while ago.

2013.05.23 07:51:40 (337445707449507841) from Daniel J. Bernstein, replying to "Bram Cohen🌱 (@bramcohen)" (337394983281766400):

VPNs (IPsec, ssh) run TCP above the security layer; stops RST forgery if done right (not ssh). Who says that the opposite "won"? @bramcohen

2013.05.23 16:44:19 (337579754045726721) from "Bram Cohen🌱 (@bramcohen)":

@hashbreaker Okay, doing crypto at a lower layer can help with DOS from forgery, but nothing deployed in the real world actually does that.