> If there's anything this issue showed is that we definitely need
> fewer people independently considering the issue and openly
> discussing their own (occasionally wrong) suggestions.
Actually, it seems to me we need more. More minds looking at it, more discussion of the various ramifications and workarounds. Lack of public discussion serves nobody at this point, possibly excepting chip-makers trying to downplay their bugs.

The hardware bugs behind these (that speculative execution doesn't make security checks correctly and doesn't roll back all its side effects when annulled) are so ubiquitous that the _correct_ fix - buying non-buggy hardware - is close to impossible. The only thing most people can do is try to find workarounds.

I feel reasonably sure that, at this point, there are at least a few exploitable side-channels and a few workarounds that aren't known publicly (possibly at all), and more people thinking about them is the only thing likely to fix that.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                [email protected]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
