I got around to following the process and submitting feedback on JEP-524 (Java PEM support):
https://mail.openjdk.org/archives/list/[email protected]/thread/5XHYOLL4QMSNISXBE5DQAKD2NY3ARQNM/
#cryptography nerds: what would you call the analogous property to forward secrecy in a protocol that only does authentication (so no secrecy)?
For example, let’s suppose I send a stream of audit log messages signed in batches with an EdDSA key. I could rotate that key after every batch (including the next PK in the previous signed batch). Thus a compromise of the signing key at time t allows forging future records but not altering prior records.
NIST calls this “backtracking resistance” in the context of DRBGs, which could work as a generic term. Is there any other term in wide use?
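The key-rotation scheme sketched in the post above, worked through as an added example (this is not code from the post or from any project it mentions). It uses Go's standard-library Ed25519; the batch encoding, the `Batch`/`Signer` types and the `Demo` walkthrough are assumptions made for illustration. Each batch carries the public key of the key that will sign the next batch, the signer discards the old private key after use, and the verifier walks the chain from a root public key. The demo then simulates a compromise after batch 3 and checks what the leaked key can and cannot do.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Batch is one signed group of audit records. NextPub commits to the key that
// will sign the following batch, so the key chain itself is authenticated.
type Batch struct {
	Seq     uint64
	Records []string
	NextPub ed25519.PublicKey
	Sig     []byte
}

// signingInput is the canonical byte string covered by the signature
// (constructed length-prefixed encoding; any unambiguous encoding works).
func signingInput(b *Batch) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, b.Seq)
	binary.Write(&buf, binary.BigEndian, uint32(len(b.Records)))
	for _, r := range b.Records {
		binary.Write(&buf, binary.BigEndian, uint32(len(r)))
		buf.WriteString(r)
	}
	buf.Write(b.NextPub)
	return buf.Bytes()
}

// Signer holds only the key for the next batch; earlier keys are discarded.
type Signer struct {
	priv ed25519.PrivateKey
	seq  uint64
}

// NewSigner returns a signer and the root public key that verifiers pin.
func NewSigner() (*Signer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Signer{priv: priv}, pub, nil
}

// SignBatch signs records under the current key, embeds the next public key,
// then rotates so the key that signed this batch no longer exists.
func (s *Signer) SignBatch(records []string) (*Batch, error) {
	nextPub, nextPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	b := &Batch{Seq: s.seq, Records: records, NextPub: nextPub}
	b.Sig = ed25519.Sign(s.priv, signingInput(b))
	for i := range s.priv { // best-effort erase; Go gives no guarantee about copies
		s.priv[i] = 0
	}
	s.priv, s.seq = nextPriv, s.seq+1
	return b, nil
}

// VerifyChain checks every batch from the root key onward, stopping at the
// first bad sequence number, malformed key or invalid signature.
func VerifyChain(root ed25519.PublicKey, batches []*Batch) error {
	pub := root
	for i, b := range batches {
		if b.Seq != uint64(i) {
			return fmt.Errorf("batch %d: unexpected seq %d", i, b.Seq)
		}
		if len(b.NextPub) != ed25519.PublicKeySize {
			return fmt.Errorf("batch %d: malformed next key", i)
		}
		if !ed25519.Verify(pub, signingInput(b), b.Sig) {
			return fmt.Errorf("batch %d: bad signature", i)
		}
		pub = b.NextPub
	}
	return nil
}

// Result records what a simulated key compromise after batch 3 can achieve.
type Result struct{ ChainValid, TamperDetected, ResignDetected, FutureForgeAccepted bool }

// Demo builds a three-batch log, then simulates an attacker who obtains the
// signer's current (fourth) key: altering past batches is detected even when
// re-signed with the leaked key, while new batches can still be forged.
func Demo() (Result, error) {
	var res Result
	s, root, err := NewSigner()
	if err != nil {
		return res, err
	}
	var log []*Batch
	for i := 0; i < 3; i++ { // constructed sample records
		b, err := s.SignBatch([]string{fmt.Sprintf("batch %d: user login", i)})
		if err != nil {
			return res, err
		}
		log = append(log, b)
	}
	res.ChainValid = VerifyChain(root, log) == nil
	leaked := s.priv // compromise at time t=3: only the key for batch 3 exists
	log[0].Records[0] = "batch 0: (altered)"
	res.TamperDetected = VerifyChain(root, log) != nil
	log[0].Sig = ed25519.Sign(leaked, signingInput(log[0])) // wrong key for batch 0
	res.ResignDetected = VerifyChain(root, log) != nil
	log[0].Records[0], log[0].Sig = "batch 0: user login", nil // restore original text
	log[0].Sig = ed25519.Sign(leaked, signingInput(log[0]))
	res.ResignDetected = res.ResignDetected && VerifyChain(root, log) != nil
	forger := &Signer{priv: leaked, seq: 3}
	forged, err := forger.SignBatch([]string{"batch 3: forged"})
	if err != nil {
		return res, err
	}
	res.FutureForgeAccepted = VerifyChain(root, append(log[:0:0], log[0], log[1], log[2])) == nil &&
		VerifyChain(root, []*Batch{log[0], log[1], log[2], forged}) != nil
	return res, nil
}

func main() {
	res, err := Demo()
	fmt.Printf("%+v err=%v\n", res, err)
}
```

Note on the last check in `Demo`: once batch 0 has been re-signed with the leaked key its signature no longer verifies, so the restored log with the forged batch appended is rejected at batch 0, not because of the forgery. A verifier holding a copy of the log taken before the compromise would accept the forged batch 3, which is exactly the limit the post describes; detecting that needs an external anchor (a timestamp or a copy of the chain held elsewhere), not the chain alone.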
Happy Nowruz!
h/t to my Turkish colleagues at Hazelcast
I really should start giving official feedback to Java preview features:
https://lobste.rs/s/ywrcll/java_26_is_here_with_it_solid_foundation#c_sh2qyv
Maybe version ranges are a good idea after all?
One of the most important lessons I’ve learned in security is that it’s always better to push security problems back to the source as much as possible. For example, a small number of experts (hopefully) make cryptography libraries, so it’s generally better if they put in checks to prevent things like invalid curve attacks rather than leaving that up to applications…
http://neilmadden.blog/2026/03/19/maybe-version-ranges-are-a-good-idea-after-all/
RE: https://mean.engineer/@indutny/116245283352156779
All this to support virtual filesystems in node.js, a feature Tcl/Tk had in 2002. No wonder people resort to LLMs given how basic most programming languages still are.
(It irks me that Tcl was largely abandoned in the name of safety and performance, and yet we replaced it with bloated JS frameworks that have neither and don't do half the things that a <1MB libtcl.so did 2 decades ago).