undefined | Better HN

0 pointsthrowawaymaths3y ago0 comments

It seems such a waste... You're chucking all that cryptography (ssl, encrypted cookies) away only to be redone every. single. Dom change

0 comments

movedx3y ago

Huh? How does HTMLx "chuck" away SSL (you meant TLS, right? I hope you're not using SSL) and encrypted cookies?

How about you try it and see?

devin3y ago

It’s fine to use SSL interchangeably with TLS IMO. It’s still called OpenSSL.

movedx3y ago

I suppose, but it's not really that big of an effort to just use the correct term for the correct version of the technology.

1 more reply

throwawaymathsOP3y ago

By chuck away I mean all those processor cycles to perform cryptographic verification... And then throw away the result because you have to do it on the next connect anyways

And I have written a library that does the full SSL handshake/upgrade cycle off of tcp sockets, and managed my own private CA, so I'm not a total idiot.

kaba03y ago

How is that different than all the other CSR SPAs that do a REST call on every button press as well? They do almost the same amount of work, and will also “throw away” the results.

1 more reply

dan12343y ago

Isn’t that mitigated with TLS session resumption and TLS 1.3’s 0-RTT?

j / k navigate · click thread line to collapse

0 comments

movedx3y ago

Huh? How does HTMLx "chuck" away SSL (you meant TLS, right? I hope you're not using SSL) and encrypted cookies?

How about you try it and see?

devin3y ago

It’s fine to use SSL interchangeably with TLS IMO. It’s still called OpenSSL.

movedx3y ago

I suppose, but it's not really that big of an effort to just use the correct term for the correct version of the technology.

1 more reply

throwawaymathsOP3y ago

By chuck away I mean all those processor cycles to perform cryptographic verification... And then throw away the result because you have to do it on the next connect anyways

And I have written a library that does the full SSL handshake/upgrade cycle off of tcp sockets, and managed my own private CA, so I'm not a total idiot.

kaba03y ago

How is that different than all the other CSR SPAs that do a REST call on every button press as well? They do almost the same amount of work, and will also “throw away” the results.

1 more reply

dan12343y ago

Isn’t that mitigated with TLS session resumption and TLS 1.3’s 0-RTT?

j / k navigate · click thread line to collapse