Comment by 1shooner
1 month ago
>We trust TLS
Is this really an apt comparison? I understood the trust in TLS to be built on open RFCs and implementation stacks. Even then, whenever I send private data, I take specific steps to verify I am using that trusted stack. That is not the experience described in the article.
> I take specific steps to verify I am using that trusted stack
I would be very interested to hear what these specific steps are. How do you make sure that this TLS stack really does implement the RFC? How do you know that each connection is indeed encrypted, and it doesn't start sending plaintext after, say, 30 days of usage?