What monumental cowardice. The "high ideological rhetoric" is something not even mildly "ideological". And then it's their fault that the shitty dudebros of HN had a fit? Please ban me from the orange hellsite so that…
> The layperson doesn't have to understand the intricacies of email protocols, it's enough that they consider email to be non-repudiable. They consider it non-repudiable not because of DKIM, it's just a common…
> The only reason why laypersons consider email to be non-repudiable is because of additional protocols like SPF and DKIM that were implemented after the original spec You really think that laypersons have any idea of…
You do realize that email is older than DKIM? And that commerce existed before emails? You don't need DKIM to solve the issues you've pointed out. Again: How many disputes like that have been resolved with DKIM?
You can dispute that without DKIM. How many disputes like that have been resolved with DKIM?
You didn't answer it. In which scenario Amazon would deny sending an email and you would be protected by DKIM?
Then digitally sign it. Sign and scan it. Do not require signing every single email you send to protect 0,1% of them.
Why do you need Amazon to digitally sign a contract?
So maybe digitally sign the contracts instead of unwillingly sign every single email you send?
Sure. So why do we need DKIM to authenticate contracts?
I meant: authenticating a contract via email. I guess you sign and scan them?
Sure. But what authenticates the contract? Do you sign and scan them?
So... no need for DKIM
It's still a terrible idea...
We could catch a lot of criminals if we every OS had a backdoor that the police could access. So, are you in favor of that?
Good luck arguing that Gmail forged and signed an email from you.
Entering an contract via an email is a ridiculous idea from the start.
Exactly, downvotes hurt so much!
It's the opposite, really. It improved a lot after the heartbleed issue.
If one implements ECDSA, but does not follow SECG, one is also doing it wrong on multiple levels. Yet here we are.
That simply does not work in the real world. Also, why does this only applies to crypto? A RCE vuln can have a much larger impact than mishandling cofactors. Should we have canonical implementations of every piece of…
It's difficult to assess one's "comfort" with the math. I've been working with crypto for more then 10 years and I wouldn't say that I'm perfectly "comfortable" (e.g. the Ristretto stuff). Should I stop working with it?
> malleability is not one of them, if one is following RFC 8032 This is like claiming Weierstrass curves don't have any problems if you follow the NIST/SECG standards. The whole point of the "SafeCurves" it to be easier…
That's a good example of how a "SafeCurve" caused a vulnerability that wouldn't exist in Weierstrass curve. But many smart people made many such mistakes in the past. If we gatekeep it to much then we won't have anyone…
> Montgomery curves work well with the montgomery ladder, which is easy to use in constant time, and that any 32-byte string is a valid public key for ECDH. You can also have Montgomery ladder an a 32-byte encoding with…
What monumental cowardice. The "high ideological rhetoric" is something not even mildly "ideological". And then it's their fault that the shitty dudebros of HN had a fit? Please ban me from the orange hellsite so that…
> The layperson doesn't have to understand the intricacies of email protocols, it's enough that they consider email to be non-repudiable. They consider it non-repudiable not because of DKIM, it's just a common…
> The only reason why laypersons consider email to be non-repudiable is because of additional protocols like SPF and DKIM that were implemented after the original spec You really think that laypersons have any idea of…
You do realize that email is older than DKIM? And that commerce existed before emails? You don't need DKIM to solve the issues you've pointed out. Again: How many disputes like that have been resolved with DKIM?
You can dispute that without DKIM. How many disputes like that have been resolved with DKIM?
You didn't answer it. In which scenario Amazon would deny sending an email and you would be protected by DKIM?
Then digitally sign it. Sign and scan it. Do not require signing every single email you send to protect 0,1% of them.
Why do you need Amazon to digitally sign a contract?
So maybe digitally sign the contracts instead of unwillingly sign every single email you send?
Sure. So why do we need DKIM to authenticate contracts?
I meant: authenticating a contract via email. I guess you sign and scan them?
Sure. But what authenticates the contract? Do you sign and scan them?
So... no need for DKIM
It's still a terrible idea...
We could catch a lot of criminals if we every OS had a backdoor that the police could access. So, are you in favor of that?
Good luck arguing that Gmail forged and signed an email from you.
Entering an contract via an email is a ridiculous idea from the start.
Exactly, downvotes hurt so much!
It's the opposite, really. It improved a lot after the heartbleed issue.
If one implements ECDSA, but does not follow SECG, one is also doing it wrong on multiple levels. Yet here we are.
That simply does not work in the real world. Also, why does this only applies to crypto? A RCE vuln can have a much larger impact than mishandling cofactors. Should we have canonical implementations of every piece of…
It's difficult to assess one's "comfort" with the math. I've been working with crypto for more then 10 years and I wouldn't say that I'm perfectly "comfortable" (e.g. the Ristretto stuff). Should I stop working with it?
> malleability is not one of them, if one is following RFC 8032 This is like claiming Weierstrass curves don't have any problems if you follow the NIST/SECG standards. The whole point of the "SafeCurves" it to be easier…
That's a good example of how a "SafeCurve" caused a vulnerability that wouldn't exist in Weierstrass curve. But many smart people made many such mistakes in the past. If we gatekeep it to much then we won't have anyone…
> Montgomery curves work well with the montgomery ladder, which is easy to use in constant time, and that any 32-byte string is a valid public key for ECDH. You can also have Montgomery ladder an a 32-byte encoding with…