OpenSSL wins the Levchin prize (openssl.org)
94 points by kardos on Jan 11, 2018 | 29 comments


Can't help but find it ironic the winner of the 2018 Levchin Prize for Advancements in Real-World Cryptography has an invalid SSL certificate on his research website.


Also the levchinprize.com website. (not that there is a link to it; and it might not even attempt to do ssl)

   levchinprize.com uses an unsupported protocol.
   ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Classic.


At first glance they do support SSL, but not TLS; basically your browser laughed at their antiquated protocol.


A few hours ago, I went to their website after seeing the submission, and it worked. Now I'm getting SSL_ERROR_NO_CYPHER_OVERLAP (in Firefox 57). Maybe they're load balancing and one of the servers is incorrectly configured?


I can't help but find it sad that the prize is a meager 10K, especially for projects that are so relevant for the Internet at large.


Security, in any organization, is always last on the budget list. Perhaps this is reflected in the prize.


I did think the same thing, but you can't blame that on him. Blame IBM/Akamai.


You can. Responsibility for their choice of business partners lies with them, not the public. Otherwise this blame-game-treasure-hunt-rigmarole never ends.

It doesn’t matter that much, but it’s a matter of principle.


It is on Akamai, but it is on Akamai's non-TLS network (i.e. .edgesuite.net)... you have to pay more for TLS on Akamai (.edgekey.net)... I'd blame IBM but not Akamai.


What about LibreSSL?


I was thinking along the same lines. It's great that OpenSSL have improved quality, yet it feels like they're rewarded for cleaning up their own mess.

Honestly, given the background for the award, cleaning up your code base shouldn't qualify you:

> The prize honors significant contributions to real-world cryptography and celebrates recent advances that have had a major impact on the practice of cryptography and its use in real-world systems.

Improving code quality doesn't actually impact "the practice of cryptography".


> It's great that OpenSSL have improved quality, yet it feels like they're rewarded for cleaning up their own mess.

Though to be honest, an insane amount of stuff relies on OpenSSH for their security, and has for years. If their code was messy earlier, ok, but they have still been basically de facto standard SSH client for much of networking. I'd say their prize is well earned.


The reward was given to the OpenSSL team.

OpenSSH is a different project, developed by the OpenBSD project. OpenBSD also works on LibreSSL which is a fork of OpenSSL.

OpenSSL itself has NOTHING to do with OpenBSD and OpenBSD related projects.


OpenSSL vs OpenSSH.


So, good for OpenSSL for getting better. More better crypto libraries benefit everyone. Who benefits from OpenSSL remaining terrible?

I certainly don't think libressl deserves any sort of prize, but it does seem a little weird to give an award designated for advancement for something more like hitting par. If they'd been better to start, then no award? Most improved awards have strange incentives.

This award did feel a little different. I can't build anything on top of OpenSSL in quite the same way that I can take the signal protocol and build on it. (All the other winners did something that's useful to rust, too. :))


What about it?


What significant contributions to real-world cryptography have LibreSSL made?


Well seeing as the criteria that they used to pick the OpenSSL project is:

"for dramatic improvements to the code quality of OpenSSL"

I think there is a question around why LibreSSL was not chosen seeing as it has done exactly that...


I don't have any numbers but I would guess this would be since OpenSSL is used a lot more than LibreSSL at the moment. So the criteria "and its use in real world systems" would qualify OpenSSL more than LibreSSL.


If you haven’t seen the difference in quality and design from older versions of OpenSSL to more recent versions, it’s a quite impressive transformation.

I definitely learned a lot of new techniques for writing quality modern C from the recent versions of OpenSSL.

Congrats on the award.


Can you provide a short example?


Take a look at this current pkey impl: https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable...

and compare that to 0.9.8: https://github.com/openssl/openssl/blob/OpenSSL-fips-0_9_8-s...

You'll notice how much cleaner the code is. Error conditions are more consistently handled. Many fewer macros interleaving the code... etc.


Yes quite true, it is like night and day.


Every time I see openssl rather than libressl getting attention, I'm reminded of how often incompetence is rewarded.


Does OpenSSL have useful documentation yet?


No.

Source: writing code using OpenSSL


Congratulations!

When money cannot be given, at least kudos can be given.

Words to live by.


Didn't hear of the prize before, so searched for it. From the website of the prize:

> The Levchin Prize was established in 2015 by internet entrepreneur, Max Levchin. The prize honors significant contributions to real-world cryptography and celebrates recent advances that have had a major impact on the practice of cryptography and its use in real-world systems. Up to two awards will be given every year and each carries a cash prize of $10,000.

2015. That is pretty new. So, for me it's more of a publicity for the "prize" itself than the "advancement".


It's a serious conference with a steering committee of serious experts who award the prize for serious work. Take a look at the previous winners. I think the only thing you're getting right here is that the prize is relatively new.



