The most dangerous code in the world: validating SSL certificates in non-browser software
- Martin Georgiev, S. Iyengar, S. Jana, Rishita Anubhai, D. Boneh, Vitaly Shmatikov
- Computer ScienceConference on Computer and Communications…
- 16 October 2012
It is demonstrated that SSL certificate validation is completely broken in many security-critical applications and libraries and badly designed APIs of SSL implementations and data-transport libraries which present developers with a confusing array of settings and options are analyzed.
Delegated Credentials for TLS
This document describes a mechanism to allow TLS server operators to create their own credential delegations without breaking compatibility with clients that do not support this specification.
Moving fast at scale: Experience deploying IETF QUIC at Facebook
- S. Iyengar
- Computer ScienceProceedings of the Workshop on the Evolution…
- 4 December 2018