[go: up one dir, main page]
|
|
Log in / Subscribe / Register

LibreSSL languishes on Linux

LibreSSL languishes on Linux

Posted Jan 7, 2021 10:45 UTC (Thu) by Karellen (subscriber, #67644)
In reply to: LibreSSL languishes on Linux by tialaramex
Parent article: LibreSSL languishes on Linux

If you want to blame somebody for the fact that HTTP out of the box wasn't secure, I recommend blaming Tim.

As someone who has issues with Tim due to his stance on EME and other user-hostile additions to recent web specs, I find this a bit harsh. HTTP is clearly modelled on similar protocols of the era, like FTP, SMTP and NNTP, all of which were similarly insecure. Tim was copying standard network protocol practices of the time, and adding encryption to early HTTP specs would have been a mammoth task for one person's personal project. Especially if they probably didn't have extensive cryptographic experience, and for a protocol that no-one at the time could have predicted would be as important and ubiquitous as it eventually turned out to be.

to post comments

LibreSSL languishes on Linux

Posted Jan 7, 2021 11:49 UTC (Thu) by geert (subscriber, #98403) [Link] (2 responses)

Exactly. In those days, everybody was well-behaving on the Internet. People logged in to remote systems using telnet and rlogin, ran commands on remote systems using rsh, and used "xhost +" to interact graphically with programs running on remote systems.

After one-too-many pranks, the latter was quickly replaced by custom scripts calling xauth and copying over magic cookies to remote systems.
As network sniffing increased, people started to worry about security. Fortunately ssh (incl. -X) arrived, making most of the above issues moot.
But the WWW was still (mostly) limited to plain HTTP...

LibreSSL languishes on Linux

Posted Jan 7, 2021 13:15 UTC (Thu) by pizza (subscriber, #46) [Link] (1 responses)

> But the WWW was still (mostly) limited to plain HTTP...

Don't forget that at the time, there were some very real legal issues with respect to strong encryption.

LibreSSL languishes on Linux

Posted Jan 7, 2021 13:20 UTC (Thu) by geert (subscriber, #98403) [Link]

Oh right, I almost forgot about the need to publish the book "PGP Source Code and Internals", as a way to bypass limitation of exporting digital code (https://en.wikipedia.org/wiki/Phil_Zimmermann#PGP)


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds