Profil

Cryptography is legitimately difficult, and as a rule most sysadmins don’t understand it

— TLS Mastery de Michael W Lucas (Page 23)

Cryptography is legitimately difficult, and as a rule most sysadmins don’t understand it

— TLS Mastery de Michael W Lucas (Page 23)

Secure Sockets Layer, or SSL, was an early transport layer security protocol. The Netscape Corporation wanted the ability to encrypt traffic between web servers and their spiffy new graphical browser, so in 1994 they created the primordial SSL and let a small group of people test it. It sort of worked and it let the testers experiment with ecommerce, but as with any protocol designed by a single institution it had numerous flaws. In 1995, Netscape hurriedly released the slightly more robust SSL version 2, followed by version 3 in 1996. Despite this quick succession of versions, SSL’s core cryptographic design was intrinsically and irreparably flawed. The IETF released version 1 of Transport Layer Security, or TLS, in 1999. It’s a direct descendant of SSL version 3, but the name was changed for political reasons. TLS 1.1 escaped in 2006, 1.2 in 2008, and 1.3 in 2018.

— TLS Mastery de Michael W Lucas (Page 21)

Of the innumerable things I detest about information technology, first prize goes to the word “security.” Not the concepts behind it, the actual word. The definition of “security” wobbles drunkenly all about the dictionary depending on who’s speaking, who’s listening, the context, and the distance to the nearest brute squad. It’s a transcendental state where everyone is perfectly safe from everyone, but it’s not inconvenient or intimidating or incomprehensible in the slightest. Security is Happy Fun Land, where everybody eats hot fudge sundaes all day every day without developing diabetes or gaining so much as a gram.

— TLS Mastery de Michael W Lucas (Page 19)