Joe Birr-Pixton

> and NASM is not listed as a required dependency anywhere that I could see. https://aws.github.io/aws-lc-rs/requirements/ Heard you on the frustration with additional dependencies, especially on Windows. See https://github.com/aws/aws-lc-rs/issues/364 upstream...

That seems like a large architectural change best done by the maintainers. What are your aims in wanting do to that? It may be worth revisiting the discussion on https://github.com/rustls/rustls/pull/1184...

The pieces I had in mind for this were: - add a function to `webpki::EndEntityCert` that exposes the certificate's public key as a SPKI. Note that webpki's internal representation of...

I'm not really sure it's correct to say it broke semver -- semver only deals with API compatibility. It is valid for a release to return additional errors, as in...

> * Ctz has considerable security domain expertise from previous employment, education (TODO: ask Ctz what he wants to disclosure here) > * I hate to write things like this,...

Had a short look at this and it looks like there are no relevant TLS-level differences between the providers. Next step is to minimise the reproducer to just the signature...

Ah, thanks for the detailed look! I agree on your conclusion, and I think it means that offering `ecdsa_secp521r1_sha512` for TLS1.2 & TLS1.3 implies support for SHA512 signatures for all...

I think we are probably overdue for regularising wasm support in this crate. What I mean by that is: - a small example for one flavour of wasm or another...

`BorrowedBuf` is in `core::io`

> I think what's lacking is a way to accept a plaintext connection in some cases. To solve that, what if instead of exposing the deframer buffer and having the...