Hey, this is largely off-topic but worth a punt: do you have any info on when AWS IoT (maybe other AWS services as well?) will move off the dependency on the Verisign RSA/SHA-1 CA? I'd love to get a certificate chain…
Ah cheers for the link. Yeah a proof at the level of abstraction up from a single pattern would be lovely. I don't really have 'concerns' as such: it's just if your risk profile is the thing that has kicked you away…
I would definitely agree, yeah. Notwithstanding the legacy protocol core, Noise has great potential to allow people to step away from the asn1, X509 etc TLS cruft. Comparing between those two options is a question of…
I don't think you can deem mbedTLS too risky on one hand, and then on the other recommend Noise, with it's slew of unfinished and largely unverified libraries. Outside of the WireGuard RHUL effort for a specific…
When you're that small it really requires more context. What are you trying to do? I've deployed TLS in 50 KiB flash and 6 Kb RAM. But I could rely on hardware support for some public key operations and could pick a…
Ha yeah, composition was a bad choice of word. Maybe an quick example off the top of my head would be: you know you need to authenticate and perhaps additionally 'encrypt' something --- for say a software update, fancy…
I think the most useful parts of the document are the 'really try hard to use TLS for any comms problem' or 'try to use Amazon's key management for encryption' answers, and pointers to good libraries. Beyond that:…
Advice for that kind of problem typically requires a lot more context, e.g.: * You need to do symmetric crypto between two MCUs, where only one has an RNG; * You need to do symmetric crypto with no RNG; * You can't rely…
I agree that OpenSSL is likely the most robust library out there, and if you're talking about provisioning your web server / doing some https from a high-level language then it's definitely the sane choice. (fwiw, I had…
Hey, this is largely off-topic but worth a punt: do you have any info on when AWS IoT (maybe other AWS services as well?) will move off the dependency on the Verisign RSA/SHA-1 CA? I'd love to get a certificate chain…
Ah cheers for the link. Yeah a proof at the level of abstraction up from a single pattern would be lovely. I don't really have 'concerns' as such: it's just if your risk profile is the thing that has kicked you away…
I would definitely agree, yeah. Notwithstanding the legacy protocol core, Noise has great potential to allow people to step away from the asn1, X509 etc TLS cruft. Comparing between those two options is a question of…
I don't think you can deem mbedTLS too risky on one hand, and then on the other recommend Noise, with it's slew of unfinished and largely unverified libraries. Outside of the WireGuard RHUL effort for a specific…
When you're that small it really requires more context. What are you trying to do? I've deployed TLS in 50 KiB flash and 6 Kb RAM. But I could rely on hardware support for some public key operations and could pick a…
Ha yeah, composition was a bad choice of word. Maybe an quick example off the top of my head would be: you know you need to authenticate and perhaps additionally 'encrypt' something --- for say a software update, fancy…
I think the most useful parts of the document are the 'really try hard to use TLS for any comms problem' or 'try to use Amazon's key management for encryption' answers, and pointers to good libraries. Beyond that:…
Advice for that kind of problem typically requires a lot more context, e.g.: * You need to do symmetric crypto between two MCUs, where only one has an RNG; * You need to do symmetric crypto with no RNG; * You can't rely…
I agree that OpenSSL is likely the most robust library out there, and if you're talking about provisioning your web server / doing some https from a high-level language then it's definitely the sane choice. (fwiw, I had…