:: Re: [DNG] OpenSSL, BoringSSL, Libre…
Top Pagina
Delete this message
Reply to this message
Auteur: Kevin Chadwick
Datum:  
Aan: dng
Onderwerp: Re: [DNG] OpenSSL, BoringSSL, LibreSSL and TLS protocol
On 27/09/2024 13:35, Martin Steigerwald wrote:
> However I did not look into how and to what extent TLS 1.3 and PQC are
> simpler than TLS 1.2.
>


TLS 1.3 reduces the cryptography options quite drastically. It's possible post
quantum crypto will complicate that again though. Hopefully not too much.

> And I do not really agree to top-down centrally managed trust
> relationships.


Agreed and this adds to the potential of certificate handling vulnerabilities.
OpenSSH certificate handling is much simpler.