"""
A clean-room implementation of TLS v1.2 by Ashwini Oruganti (an especially timely project given recent events). It's an ambitious undertaking, but she's narrowing scope by focusing on designing and implementing a "TLS API for humans" and building on top of existing lower-level primitives. The project will be written as part of Python's cryptography library.
"""
Not to be a hater, but nothing I've ever experienced in my career has led me to believe something like this is possible unless you're starting with OpenSSL. Even then, the lack of a code reviewer raises some eyebrows.
Yep, it's certainly a risky project, but I'm psyched to be able to fund it. Ashwini's proposal included a well-reasoned review and validation plan. Even if it ends up not being successful, I think she's approaching things from the right angle, and I'll be very glad that she tried.
I think it's great you're funding it, and I completely agree it's a risky project. But humanity is only taken further by people with money funding risky enterprises, and in the grand scheme of things a good, clean-room TLS 1.2 library is absolutely an important building block of our future in computing.
I would love to see a clean, narrowly scoped replacement for OpenSSL.
Please choose an appropriate all-permissive, GPL-compatible license for it; the license of OpenSSL, with advertising clause, causes a huge amount of pain.
More people trying this and learning from previous mistakes (of others) is a good thing. For example, here's a TLS implementation in pure OCaml https://github.com/mirleft/ocaml-tls
I'm glad Stripe is helping with things like this. It raises awareness of critical things we all use and encourages others to think about getting involved.