undefined | Better HN

0 pointsbaby6y ago0 comments

I have to agree with Frank. TLS has proven itself to be extremely hard to implement or use correctly. And why use certificates If you can use plainkeys? There are other choices, like Noise.

0 comments

tialaramex6y ago

> why use certificates If you can use plainkeys?

TLS is for use to connect arbitrary peers on the Internet, which means you're going to need a PKI. So that means certificates.

I don't happen to agree with Noise's philosophy about agility, but that's one of those things where we'd have to agree to disagree in the short term. In terms of replacing TLS, Noise just isn't in the picture at all.

babyOP6y ago

For browsers sure. But if you're not using a browser and you're using TLS it's just a bad idea.

You can do PKI with plainkeys. You definitely don't need the complexity or x509 certs.

tialaramex6y ago

Nope. As I said, if you need a transport layer to connect arbitrary peers over the Internet, TLS is exactly what the doctor ordered and it already exists. Already studied, already got libraries that implement it, already got test frameworks, everything is in place. An alternative even if it was technically no worse (which isn't guaranteed) and available today (impossible) doesn't have those things.

> You can do PKI with plainkeys.

Nope. A PKI specifically involves the binding of keys to identity, that's what the certificates are for. You don't have to have X.509 (though I'll argue you might as well) but you need that binding.

j / k navigate · click thread line to collapse

0 comments

tialaramex6y ago

> why use certificates If you can use plainkeys?

TLS is for use to connect arbitrary peers on the Internet, which means you're going to need a PKI. So that means certificates.

babyOP6y ago

For browsers sure. But if you're not using a browser and you're using TLS it's just a bad idea.

You can do PKI with plainkeys. You definitely don't need the complexity or x509 certs.

tialaramex6y ago

> You can do PKI with plainkeys.

Nope. A PKI specifically involves the binding of keys to identity, that's what the certificates are for. You don't have to have X.509 (though I'll argue you might as well) but you need that binding.

j / k navigate · click thread line to collapse