The purpose of this document was to respond to false claims from James
Donaldson about myself and GrapheneOS. He changed his story about what
happened many times since this was posted. He didn't move forward with
his attempt at taking us to court and this was never used beyond being
posted on our site as a public response.
Nearly all of his supporters realized he was misleading them and left
for greener pastures. Most of them are now using GrapheneOS. We don't
need to refute outdated attacks on GrapheneOS from a person that's now
almost completely irrelevant, especially since he's now trying not to
draw attention to this since he came out looking so terrible. He quietly
misleads people about what happened with his latest historical revisions
and those are countered better by our newer pages summarizing it.
This is useless for TLSv1.3 since there's no longer any distinction in
the protocol based on whether the server is using stateless or stateful
session resumption. OpenSSL has a non-standard anti-replay mechanism for
0-RTT based on stateful session resumption but 0-RTT still ends up being
a downgrade for the TLS security properties. nginx disables that feature
since otherwise 0-RTT wouldn't work with the default stateless approach.
Since this cache is only used for TLSv1.2 when stateless resumption
isn't disabled and nearly all TLSv1.2 clients support tickets, it isn't
getting any significant use. It provides worse forward secrecy than
tickets because we implement ticket key rotation based on the expiry
time and sessions aren't actively purged from the stateful cache when
they expire. Cached session state varies in size and nginx ends up
writing errors to the log when clearing out a session fails to make room
for a new one due to it being larger. It's best to finally get rid of
this flawed approach to session resumption.
TLSv1.3 provides the option of forward secrecy for resumed sessions and
it's the only approach that's normally enabled so we don't need to worry
about this anymore once TLSv1.2 is disabled as long as we never enable
0-RTT which weakens forward secrecy and other security properties.
Since merge_slashes gets rid of the redundant slashes, a no-op rewrite
will get rid of all of them at once instead of requiring one redirect to
get rid of each redundant slash.
This avoids needing to conditionally add nopush to each preloaded
resource in the Link header. There's also no support for pushing
JavaScript modules via http2_push_preload since nginx doesn't have
support for rel=modulepreload.
Good regex form: use "?:" to specify non-capturing groups when sections
don't actually reference matched groups. There's no use saving a capture
in these situations.
