Mailing List Cleanup - Filippo Valsorda
(This is part of an open-ended series of posts where I write down random things I feel are sharable from the years of mailing lists I’ve not caught up on…)
This time we’re doing Filippo Valsorda’s ‘Cryptography Dispatches’ and ‘Maintainer Dispatches’ (because they come on the same feed) from July 28, 2022. I know the basics of crypto, but the majority of this is waaaaay too nerdy for me, but still really neat. Even if I didn’t understand 65% of the posts…
Anyhow, here’s things I did understand and thought were cool enough to share:
- Announcing The $12K NIST Elliptic Curves Seeds Bounty - A bunch of cool history in here
- You Should Run A Certificate Transparency Log
- A Tour of WebAuthn - HTML of a PDF book (which is linked to) that starts with ‘Passwords are rubbish.’ I think I’m hooked at that point. Even if I haven’t switched to passkey yet – mainly because I haven’t read something like this and don’t understand it yet.
- Cross-Site Request Forgery - It’s shocking how often I’ve had to fight CSRF…
- A Retrospective Survey Of 2024/2025 Open Source Supply Chain Compromises - In order to actually be secure, you need to know what’s being exploited to build accurate threat models. (And not just paranoia models.)
- Claude Code Can Debug Low-Level Cryptography - Listen, I’m 95% in the ‘Fuck AI’ camp (with a bunch of disclaimers I’ll deal with later), but this line struck me as great: “I still don’t have a good intuition for when to invoke AI tools.” And he included his prompts, which is nice.