<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: galadran</title><link>https://news.ycombinator.com/user?id=galadran</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Tue, 07 Jul 2026 23:38:51 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=galadran" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by galadran in "NSA tries to weaken mlkem standardisation?"]]></title><description><![CDATA[
<p>In effect, yes it does.<p>The Recommended flag is set for X25519MLKEM768. It is not set for any of the pure PQ key exchanges.<p><a href="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8" rel="nofollow">https://www.iana.org/assignments/tls-parameters/tls-paramete...</a></p>
]]></description><pubDate>Fri, 03 Jul 2026 10:40:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=48773401</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=48773401</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48773401</guid></item><item><title><![CDATA[New comment by galadran in "NSA tries to weaken mlkem standardisation?"]]></title><description><![CDATA[
<p>I'm afraid you've misunderstood. These codepoints are for the pure MLKEM key establishment that DJB is railing against.<p>All of these libraries also support the hybrid forms, which have different codepoints and are used by default. Nothing in the IETF process has any bearing on this.</p>
]]></description><pubDate>Thu, 02 Jul 2026 20:26:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=48766911</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=48766911</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48766911</guid></item><item><title><![CDATA[New comment by galadran in "NSA tries to weaken mlkem standardisation?"]]></title><description><![CDATA[
<p>This is garbage from start to finish.<p>There are already codepoints assigned for MLKEM 512/768/1024 (0x0200, 0x0201, 0x0202) and nearly every major library supports it already:<p><pre><code>  - OpenSSL (ML-KEM-512/768/1024)
  - BoringSSL (ML-KEM-1024)
  - NSS (ML-KEM-1024)
  - AWS-LC (ML-KEM-512/768/1024)
  - Rustls (ML-KEM-768/1024)
  - s2n-tls (ML-KEM-1024)
  - Bouncy Castle (ML-KEM-512/768/1024)
  - Botan (ML-KEM-512/768/1024)
  - GnuTLS (ML-KEM-768/1024)
  - WolfSSL (ML-KEM-512/768/1024)</code></pre></p>
]]></description><pubDate>Thu, 02 Jul 2026 17:31:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=48764739</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=48764739</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48764739</guid></item><item><title><![CDATA[New comment by galadran in "Pact: Anonymous Credentials for the Web"]]></title><description><![CDATA[
<p>> If nothing changes, users will increasingly be forced to choose between their privacy and their access to the web<p>Shorter post: <a href="https://blog.mozilla.org/en/privacy-security/keeping-the-web-open-and-private-in-the-bot-era/" rel="nofollow">https://blog.mozilla.org/en/privacy-security/keeping-the-web...</a></p>
]]></description><pubDate>Tue, 23 Jun 2026 22:41:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=48652505</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=48652505</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48652505</guid></item><item><title><![CDATA[New comment by galadran in "Cloudflare Collaborates with Leading Browsers to Develop Privacy-First Protocol"]]></title><description><![CDATA[
<p>More details: <a href="https://blog.mozilla.org/en/privacy-security/keeping-the-web-open-and-private-in-the-bot-era/" rel="nofollow">https://blog.mozilla.org/en/privacy-security/keeping-the-web...</a></p>
]]></description><pubDate>Tue, 23 Jun 2026 21:35:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=48651795</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=48651795</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48651795</guid></item><item><title><![CDATA[Keeping the Web Open and Private in the Bot Era]]></title><description><![CDATA[
<p>Article URL: <a href="https://blog.mozilla.org/en/privacy-security/keeping-the-web-open-and-private-in-the-bot-era/">https://blog.mozilla.org/en/privacy-security/keeping-the-web-open-and-private-in-the-bot-era/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48647131">https://news.ycombinator.com/item?id=48647131</a></p>
<p>Points: 6</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 23 Jun 2026 16:04:23 +0000</pubDate><link>https://blog.mozilla.org/en/privacy-security/keeping-the-web-open-and-private-in-the-bot-era/</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=48647131</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48647131</guid></item><item><title><![CDATA[New comment by galadran in "EU Council and Parliament reach agreement for approving controversial eIDAS law"]]></title><description><![CDATA[
<p>EU Commission FAQ (emphasis mine):<p>Recognition means that web browsers are required to ensure support and interoperability for the QWAC for the sole purpose of displaying identity data in a user-friendly manner. *Recognition of QWACs implies that browsers shouldn't question the origin, integrity or data in the certificate*.<p>However, the requirement to recognise QWACs does not affect browser security policies and leaves web browsers free to preserve their own procedures and criteria for encryption and authentication of *other certificates*.<p><a href="https://ec.europa.eu/commission/presscorner/detail/en/QANDA_21_2664" rel="nofollow noreferrer">https://ec.europa.eu/commission/presscorner/detail/en/QANDA_...</a></p>
]]></description><pubDate>Thu, 09 Nov 2023 10:33:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=38203283</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38203283</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38203283</guid></item><item><title><![CDATA[New comment by galadran in "Joint statement of scientists and NGOs on the EU’s proposed eIDAS reform"]]></title><description><![CDATA[
<p>As I commented there, you've misunderstood this change.<p>There's a difference between certificates distributed with the OS and certificates added to the OS by a user. Right now Firefox ignores both.<p>This change ONLY picks up the certificates added to the OS by a user. Firefox will continue to ignore the certificates included with the OS store by default.</p>
]]></description><pubDate>Fri, 03 Nov 2023 14:06:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=38128958</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38128958</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38128958</guid></item><item><title><![CDATA[New comment by galadran in "Firefox Beta 120 trusts OS certificates by default"]]></title><description><![CDATA[
<p>There's a difference between certificates distributed with the OS and certificates added to the OS by a user. Right now Firefox ignores both. This change ONLY picks up the certificates added to the OS by a user.</p>
]]></description><pubDate>Fri, 03 Nov 2023 14:05:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=38128943</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38128943</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38128943</guid></item><item><title><![CDATA[New comment by galadran in "Last Chance to fix eIDAS: Secret EU law threatens Internet security"]]></title><description><![CDATA[
<p>"Agreed behind closed doors" would probably be better than "Secret Law" but I guess its a question of brevity.</p>
]]></description><pubDate>Thu, 02 Nov 2023 10:48:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=38111601</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38111601</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38111601</guid></item><item><title><![CDATA[New comment by galadran in "Last Chance to fix eIDAS: Secret EU law threatens Internet security"]]></title><description><![CDATA[
<p><a href="https://en.wikipedia.org/wiki/Formal_trilogue_meeting" rel="nofollow noreferrer">https://en.wikipedia.org/wiki/Formal_trilogue_meeting</a></p>
]]></description><pubDate>Thu, 02 Nov 2023 10:47:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=38111589</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38111589</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38111589</guid></item><item><title><![CDATA[New comment by galadran in "Last Chance to fix eIDAS: Secret EU law threatens Internet security"]]></title><description><![CDATA[
<p><a href="https://eidas-open-letter.org" rel="nofollow noreferrer">https://eidas-open-letter.org</a><p>The open letter signed by 300+ researchers, professors and experts.</p>
]]></description><pubDate>Thu, 02 Nov 2023 09:48:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=38111119</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38111119</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38111119</guid></item><item><title><![CDATA[New comment by galadran in "Last Chance to fix eIDAS: Secret EU law threatens Internet security"]]></title><description><![CDATA[
<p>Title should probably be: "Last Chance to fix eIDAS: Secret EU law threatens Internet security"</p>
]]></description><pubDate>Thu, 02 Nov 2023 08:48:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=38110633</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38110633</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38110633</guid></item><item><title><![CDATA[New comment by galadran in "Last Chance to fix eIDAS: Secret EU law threatens Internet security"]]></title><description><![CDATA[
<p><a href="https://last-chance-for-eidas.org/" rel="nofollow noreferrer">https://last-chance-for-eidas.org/</a></p>
]]></description><pubDate>Thu, 02 Nov 2023 08:33:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=38110526</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38110526</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38110526</guid></item><item><title><![CDATA[New comment by galadran in "Firefox Beta 120 trusts OS certificates by default"]]></title><description><![CDATA[
<p>This isn't the right summary. Firefox uses it own root store still and ignores any certificates distributed by default in the OS. However, if the user installs their root to the OS, Firefox will also pick it up. This is how other browsers work.</p>
]]></description><pubDate>Wed, 25 Oct 2023 12:28:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=38012063</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=38012063</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38012063</guid></item><item><title><![CDATA[New comment by galadran in "Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking"]]></title><description><![CDATA[
<p>Mozilla's launch earlier this week: <a href="https://blog.mozilla.org/en/products/firefox/encrypted-hello/" rel="nofollow noreferrer">https://blog.mozilla.org/en/products/firefox/encrypted-hello...</a></p>
]]></description><pubDate>Fri, 06 Oct 2023 18:26:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=37794320</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=37794320</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=37794320</guid></item><item><title><![CDATA[New comment by galadran in "Encrypted Client Hello"]]></title><description><![CDATA[
<p>I believe CF and others buckled under pressure from major websites which didn't want to be used as fronts for other website's traffic. ECH fixes this because individual sites get to opt-in to using it.</p>
]]></description><pubDate>Fri, 29 Sep 2023 15:23:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=37705596</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=37705596</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=37705596</guid></item><item><title><![CDATA[New comment by galadran in "Encrypted Client Hello"]]></title><description><![CDATA[
<p>Any provider can deploy ECH, it's standardized at the IETF. Cloudflare are just first.</p>
]]></description><pubDate>Fri, 29 Sep 2023 15:22:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=37705574</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=37705574</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=37705574</guid></item><item><title><![CDATA[New comment by galadran in "Encrypted Client Hello"]]></title><description><![CDATA[
<p>The point is that network operators can't tell which website the user is visiting, as it could be any of the sites hosted by the ECH provider.<p>In this case, Cloudflare are acting as the ECH provider and as they already host the websites, they already see the connection plaintext.</p>
]]></description><pubDate>Fri, 29 Sep 2023 15:19:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=37705530</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=37705530</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=37705530</guid></item><item><title><![CDATA[New comment by galadran in "This shouldn't have happened: A vulnerability postmortem"]]></title><description><![CDATA[
<p>The disclosure and test cases: <a href="https://www.openwall.com/lists/oss-security/2021/12/01/4" rel="nofollow">https://www.openwall.com/lists/oss-security/2021/12/01/4</a></p>
]]></description><pubDate>Wed, 01 Dec 2021 19:28:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=29408069</link><dc:creator>galadran</dc:creator><comments>https://news.ycombinator.com/item?id=29408069</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=29408069</guid></item></channel></rss>