Olivia
Online
David Benjamin
@davidben__
There are lots of people with my name. I'm the Chromium (and cuttlefish) one. I work on TLS, privacy, and general amusements in Chrome.
Joined November 2014
144 Following
991 Followers
423 Posts
@ericlaw Denotes a boolean in structured fields. https://t.co/ysljC2CknB
@ericlaw Probably PSS and your decoder hasn't been updated for 1.3? The codepoints are no longer decomposed into hash/sig tuples as that's not how signature schemes work in general.
@ericlaw TLS 1.2 changed a bunch of them too, to add the signature algorithm. Anything after ClientHello and bits of ServerHello has always been version-specific and fair game to change.
@h4kr @BruceDawson0xB That guidance always worried me. Asking devs to think about worst case bounds on every map feels akin to thinking about whether some missed check is exploitable. Much lower stakes, but still a bit error-prone of a default for my comfort.
Who to follow
@taviso @GuidoVranken Different reuse there, but yeah X509's setters basically don't work. Except you need to setters to issue certs, so it's a mess. No idea whether anyone actually relies on this particular case. I just reviewed the diff and noticed it broke something they previously had code for.
@BRIAN_____ It also catched bugs. We learned as a result that a few projects imported RSA keys wrong and swapped p and q! They just never noticed because CRT would always fail and then fallback in OpenSSL, making RSA signing unnecessarily slow.
@DrawsMiguel @shafikyaghmour I want a strict aliasing sanitizer, less to check my code (though that too) but really to demonstrate that no real world C code actually follows that rule.
@BRIAN_____ @djco @FiloSottile The spec reference in the bug is wrong; ClientHello.legacy_version is not the same as the record layer version.
And yeah I doubt that is the issue. The record layer version is totally meaningless and vestigial.
@hanno @buherator @agl__ Thanks to that mess, it takes more bytes to encode RSA-PSS *parameters* in X.509 than to encode an entire ECDSA signature. PSS is singlehandedly the reason X.509 signature algorithms aren't a plain enum.
Picking parameters: https://t.co/RCGoLZDsCc. (It was too long for Twitter.)
@FiloSottile @taviso @GuidoVranken Whether it's a bug in ModSqrt is up to interpretation. Tonelli-Shanks ultimately only works for primes. Always terminating is prudent. But accepting random attacker-supplied coefficients is a bad idea and forbidden by RFC5480. IMO that's the root bug, which doesn't affect Go.
@bascule @SchmiegSophie @cryptodavidw @cronokirby Malleability of (r, s) aside, parsing ECDSA signatures with DER should be perfectly compatible with real world TLS. Our implementation is strict, and OpenSSL hasn't accepted invalid DER here since 2015.
@RichSalz @sleevi_ @bascule @cwallace_bass I still don't even know how to read the new syntax! I can guess at it, but I've yet to have to learn it properly.
I look forward to all the latent X.509 bugs around 2050, as we rollover from UTCTime to GeneralizedTime.
Did you think we were done with two-digit years after Y2K? Well, X.509 has some news for you!
@__phantomderp @strega_nil @DrawsMiguel https://t.co/gyfjpNK1Fo is the memcpy language bug. That one is bad enough that we had to add wrapper functions for memcpy because constantly worrying about whether a slice could be empty is not reasonable.
@__phantomderp @strega_nil @DrawsMiguel Fixing NULL + 0 would also be good. Both it and the memcpy(NULL, 0) language bug affected real world code in BoringSSL. If you have a function that takes ptr,len, NULL,0 is the natural way to say empty slice. But C is full of unnecessary places that break when you do that.
@RichSalz Well, AES is still significant progress. For GHASH, BearSSL has a writeup of a very neat strategy. I have some code I can contribute there if interested.
Last Seen Users on Sotwe
BINOR Mama muda
Seen from Malaysia
PasukanPemburuMemek
Seen from Indonesia
Klien moride
Seen from Japan
Redeir
Seen from France
گپ شپ😍
Seen from United States
Shontell Zehn
Seen from Japan
Gavat Kocaların Boynuz Yeme Mekanı
Seen from Turkey
Clarice Boaventura enjoy 70% off! 💕 
Seen from France
florecita y su corneador
Frank310310
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers