Twitter | Search | |
BrendanEich
Co-founder & CEO Software () and (). Co-founded Mozilla & Firefox. Created JavaScript.
105,216
Tweets
1,080
Following
137,026
Followers
Tweets
BrendanEich 2m
Unless granted an exception.
Reply Retweet Like
BrendanEich 3m
Let me try one last time. With TLS, you don't have to trust the routers in between your device and the origin server; if one is doing MitM you'll see error reports on your device. With ads.txt you have to trust middlemen to check integrity from good will; if they don't, no error.
Reply Retweet Like
BrendanEich 7m
Don't let George in!
Reply Retweet Like
BrendanEich retweeted
BrendanEich Dec 14
Existential Star Wars (In French)
Reply Retweet Like
BrendanEich 12m
Replying to @BrendanEich
Reply Retweet Like
BrendanEich retweeted
BrendanEich 20m
Longer Bubble Boy bit:
Reply Retweet Like
BrendanEich 20m
Longer Bubble Boy bit:
Reply Retweet Like
BrendanEich 22m
Is NZ the "boy in the bubble" who from Seinfeld?
Reply Retweet Like
BrendanEich 27m
Perhaps that was the point.
Reply Retweet Like
BrendanEich 43m
Still tons of fraud, and that's evasive. By that rubric, there's no difference between an insecure-by-design advisory point-defense manifest file specification such as ads.txt, and a secure end-to-end cryptographic system such as TLS. If everything's advisory, sure: blame others.
Reply Retweet Like
BrendanEich 49m
I didn't label protocol as any such thing. It has a standard definition. I wrote "cryptographic protocol" on purpose. If you don't see the difference b/t a file whose contents are advisory, where advertiser & publisher can't be sure via math that no one is cheating, I can't help!
Reply Retweet Like
BrendanEich 51m
No, TLS is not a "file".
Reply Retweet Like
BrendanEich retweeted
Jennifer Cabrera 2h
Replying to @jhaskinscabrera
My spreadsheet to track changes: (3/3)
Reply Retweet Like
BrendanEich retweeted
Phil Kerpen 2h
Replying to @JordanSchachtel
and this could get ugly:
Reply Retweet Like
BrendanEich 2h
Reply Retweet Like
BrendanEich 2h
As I said, there’s always something outside the system’s threat model. But your defense of ads.txt is damning with faint praise. It failed in practice to matter, because it entailed no end-to-end property enforcement. Do you see the difference in kind between a file & a protocol?
Reply Retweet Like
BrendanEich retweeted
BrendanEich 2h
A cryptographic protocol can enforce properties across the network, where ads.txt cannot. Always have to define the threat model, what is inside and what is excluded. And something always excluded or assumed; no silver bullets. But a file published at a web address is not enough.
Reply Retweet Like
BrendanEich 2h
A cryptographic protocol can enforce properties across the network, where ads.txt cannot. Always have to define the threat model, what is inside and what is excluded. And something always excluded or assumed; no silver bullets. But a file published at a web address is not enough.
Reply Retweet Like
BrendanEich 3h
TLS enforces end-to-end-on-the-internet security properties. + you are mistaken: DNS spoofing is not enough to defeat TLS — you need a MitM root CA cert in your endpoint (an endpoint compromise). Contrast with ads.txt, which offers no such end-to-end properties. File != protocol.
Reply Retweet Like
BrendanEich retweeted
BrendanEich 3h
Security is not a separable concern. (h/t to , et al.: ). From 2010:
Reply Retweet Like