Want to know what else is nuts about CloudFlare and encryption... our TLS.
Aside from only supporting the strongest key ciphers, we are able to selectively choose which ciphers to use per client. Meaning that we'll deprecate SHA-1 whilst still allowing SHA-1 for those clients that are really so old that it is all they can do.
We also roll our TLS keys often... like... really often. As frequently as hourly... with only a 36-hour validity window. This is before you factor in perfect forward secrecy and other things... should anyone crack anything, you've only got a very, very small window of useful data that you could ever access.
The guys we have working here are pretty nuts. We encrypt everything that we can, using the very best of everything, and we store nothing.