nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq5zducn0qs573hhreraem60awk3dpfc8xsqj4cy9yj0d76epxrmasuu2aqy nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqq2u2afqm22e4k9kt4rxvl205pks6zmx...
@nprofile1q...
@nprofile1q... @nprofile1q... @nprofile1q... Not having a baseline way of explaining what the set of threat models and security guarantees it's designed to be able to meet is a red flag, especially on a complex, reconfigurable protocol stack. It means that if someone wants to use it for something real, they have to start from scratch in analyzing the security properties of each element in the configurations they might use, then analyze how those elements interact, etc. The same thing applies with trying to figure out if this protocol stack is or can be appropriate to solve a given particular problem.
In a lot of cases, it's going to be easier to start from scratch and build simpler, smaller components designed directly around the security guarantees and architecture your specific project needs. The expensive part of a piece of software is not the code, it's the team that has a living, detailed model of the code in their heads โ a technical model, a user experience model, a security model, and a performance model, at a minimum. To be worth seriously adopting, a protocol stack should at the very least attempt to make this legible to developers.
@nprofile1q... @nprofile1q... @nprofile1q... Not having a baseline way of explaining what the set of threat models and security guarantees it's designed to be able to meet is a red flag, especially on a complex, reconfigurable protocol stack. It means that if someone wants to use it for something real, they have to start from scratch in analyzing the security properties of each element in the configurations they might use, then analyze how those elements interact, etc. The same thing applies with trying to figure out if this protocol stack is or can be appropriate to solve a given particular problem.
In a lot of cases, it's going to be easier to start from scratch and build simpler, smaller components designed directly around the security guarantees and architecture your specific project needs. The expensive part of a piece of software is not the code, it's the team that has a living, detailed model of the code in their heads โ a technical model, a user experience model, a security model, and a performance model, at a minimum. To be worth seriously adopting, a protocol stack should at the very least attempt to make this legible to developers.
2
