• Publications
  • Influence
The most dangerous code in the world: validating SSL certificates in non-browser software
TLDR
It is demonstrated that SSL certificate validation is completely broken in many security-critical applications and libraries and badly designed APIs of SSL implementations and data-transport libraries which present developers with a confusing array of settings and options are analyzed. Expand
Moving fast at scale: Experience deploying IETF QUIC at Facebook
  • S. Iyengar
  • Computer Science
  • Proceedings of the Workshop on the Evolution…
  • 4 December 2018
Delegated Credentials for TLS
TLDR
This document describes a mechanism to allow TLS server operators to create their own credential delegations without breaking compatibility with clients that do not support this specification. Expand