Hacker News new | past | comments | ask | show | jobs | submit login

How ironic. Even these guys hosting a paper about SSL can't host their stuff securely on an HTTPS server.

<base href="http://crypto.stanford.edu/~dabo/pubs/pubs.html>;

This causes the page to throw an HTTPS warning: "this page loads insecure content" due to the css loaded over HTTP.




Yes, yes, stupid Dan Boneh, extracts SSL keys from servers over the Internet using timing measurements, but can't properly write an HTML page, we get it. Credibility -> toilet.


No, this is not what I meant. I pointed out that even if you are a security expect, technology stacks (HTML/HTTP in this case) are not designed well enough to make security easy. IOW my anecdote confirms the paper's conclusion.


Because being talented at one thing means you're talented at everything.


The two things here being "finding critical vulnerabilities in the TLS protocol and its implementations, and generally being one of the most highly-regarded academic practical cryptographers" and "writing HTML". Trenchant point.


Exactly (I think people might assume I was disagreeing), the skill sets are wildly different in many ways.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: