Following Amazon’s recent announcement of s2n, their new open source TLS implementation, there has been plenty of speculation about what it means for the future of communications security.
The following, from Rapid7’s security engineering manager Tod Beardsley, provides some much needed insight:
Amazon’s announcement of s2n (which stands for “Signal to Noise”) is pretty exciting news. It’s nearly always a good thing when a major Internet company like Amazon sets its sights on improving a core Internet technology like Transport Layer Security (TLS) in a responsive, open source way. After Heartbleed, we saw something similar from Google with their release of BoringSSL, as well as OpenBSD’s volunteer-driven LibreSSL. All of these projects promise a stripped down version of SSL/TLS with an eye toward excising the cruft that leads to vulnerabilities and weird code paths in OpenSSL.
s2n’s most notable feature today is that it boasts only 6,000 lines of code…
View original post 433 more words