2013.05.23 17:26:39 (337590406097276928) from Daniel J. Bernstein, replying to "Bram Cohen🌱 (@bramcohen)" (337579754045726721):
Many real-world VPNs have exactly this security feature. It's just a historical accident that HTTPS gets the layering wrong. @bramcohen
2013.05.23 03:36:45 (337381553170698240) from Daniel J. Bernstein:
New MinimaLT protocol spearheaded by Mike Petullo: faster than TCP, higher security than TLS. http://cr.yp.to/tcpip/minimalt-20130522.pdf We helped w/the crypto.
2013.05.23 04:30:07 (337394983281766400) from "Bram Cohen🌱 (@bramcohen)":
@hashbreaker I thought the argument that security should be provided at a higher layer of abstraction already won a while ago.
2013.05.23 07:51:40 (337445707449507841) from Daniel J. Bernstein, replying to "Bram Cohen🌱 (@bramcohen)" (337394983281766400):
VPNs (IPsec, ssh) run TCP above the security layer; stops RST forgery if done right (not ssh). Who says that the opposite "won"? @bramcohen
2013.05.23 16:44:19 (337579754045726721) from "Bram Cohen🌱 (@bramcohen)":
@hashbreaker Okay, doing crypto at a lower layer can help with DOS from forgery, but nothing deployed in the real world actually does that.