2026.02.05 07:52:34 (Mastodon 116016936005542374, Twitter 2019318227340521553) from Daniel J. Bernstein:
One of the OpenSSL disasters announced last week (CVE-2025-15469) is really the fault of OpenSSL's detached-signature interface. With a signed-message/message-recovery interface, the bug would have had no effect on security, and would have been easier to catch. Interfaces matter.