sugarpimpdorsey 10 hours ago

Why would anyone want to use a complex kludge like QUIC and be at the mercy of broken TLS libraries, when WireGuard implementations are ~5k LOC and easily auditable?

Have all the bugs in OpenSSL over the years taught us nothing?

dpeckett 8 hours ago | parent | next [-]

FWIW QUIC enforces TLS 1.3 and modern crypto. A lot smaller surface area and far fewer foot-guns. Combined with memory-safe TLS implementations in Go and Rust I think it's fair to say things have changed since the Heartbleed days.

timschmidt 2 hours ago | parent | next [-]

> I think it's fair to say things have changed since the Heartbleed days.

The Linux Foundation is still funding OpenSSL development after a scathing review of the codebase[1], so I think it's fair to say things haven't changed a bit.

1: https://www.openbsd.org/papers/bsdcan14-libressl/

szundi 5 hours ago | parent | prev [-]

[dead]

zoobab 5 hours ago | parent | prev [-]

"Have all the bugs in OpenSSL over the years taught us nothing?"

TweetNaCl to the rescue.