Amazon’s s2n Announcement: Time for Serious Crypto Investment

Threat Intelligence Times

Following Amazon’s recent announcement of s2n, their new open source TLS implementation, there has been plenty of speculation about what it means for the future of communications security.

The following, from Rapid7’s security engineering manager Tod Beardsley, provides some much needed insight:

Amazon’s announcement of s2n (which stands for “Signal to Noise”) is pretty exciting news. It’s nearly always a good thing when a major Internet company like Amazon sets its sights on improving a core Internet technology like Transport Layer Security (TLS) in a responsive, open source way. After Heartbleed, we saw something similar from Google with their release of BoringSSL, as well as OpenBSD’s volunteer-driven LibreSSL. All of these projects promise a stripped down version of SSL/TLS with an eye toward excising the cruft that leads to vulnerabilities and weird code paths in OpenSSL.

s2n’s most notable feature today is that it boasts only 6,000 lines of code…

View original post 433 more words

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s