@hanno @BRIAN_____ @FiloSottile @tqbf @timbray @zellyn Also somewhat before my time, but by TLS 1.2 cryptographers already had the key insight, i.e. authenticate-then-encrypt is bad. E.g. https://t.co/Lbq2s59KPb and https://t.co/FbfqaENrRH. (CBC-then-HMAC