Comment by charcircuit
4 hours ago
Just because OpenSSL had a CVE posted about today, that didn't mean we should go back to use HTTP for the web.
4 hours ago
Just because OpenSSL had a CVE posted about today, that didn't mean we should go back to use HTTP for the web.
It does mean we should recognize that SSL is nice for some basic privacy/security, but not perfect security.
Same with remote attestation. Not all implementations are actually secure. But hopefully over time those security bugs can be ironed out and the cost to extract a key be made infeasable.