Seems like another awesome initiative.

I'm in awe of Stripe's continued ability to win developer mindshare. It must yield huge benefits for recruitment, retention & sales.

""" A clean-room implementation of TLS v1.2 by Ashwini Oruganti (an especially timely project given recent events). It's an ambituous undertaking, but she's narrowing scope by focusing on designing and implementing a "TLS API for humans" and building on top of existing lower level primitives. The project will be written as part of Python's cryptography library. """

Not to be a hater, but nothing I've ever experienced in my career has lead me to believe something like this is possible unless you're starting with openssl. Even then, the lack of a code reviewer raises some eyebrows.

Yep, it's certainly a risky project, but I'm psyched to be able to fund it. Ashwini's proposal included a well-reasoned review and validation plan. Even if it ends up not being successful, I think she's approaching things from the right angle, and I'll be very glad that she tried.

I think it's great you're funding it, and I completely agree it's a risky project. But humanity is only taken further by people with money funding risky enterprises, and in the grand scheme of things a good, clean room tls 1.2 library is absolutely an important building block of our future in computing.

Keep it up.

I would love to see a clean, narrowly scoped replacement for OpenSSL.

Please choose an appropriate all-permissive, GPL-compatible license for it; the license of OpenSSL, with advertising clause, causes a huge amount of pain.

Several of us who work on PyCA Cryptography (https://cryptography.io) will be doing code reviews (our docs outline the code review process we use).

More people trying this and learning from previous mistakes (of others) is a good thing. For example, here's a TLS implementation in pure OCaml https://github.com/mirleft/ocaml-tls

I'm glad Stripe is helping with things like this. It raises awareness of critical things we all use and encourages others to think about getting involved.

Off topic, but I've never seen anyone use Python docstring format to quote text like that on HN. It's actually not a bad idea.

Stripe has amazing marketing, because their marketing is an expression of their identify. They are a developer run shop and it shows. Props to the team, and congrats to the grant winners.

I'm really impressed by Velocity.js. I'm glad that Julian Shapiro is one of the winners.

Seems like a cool list of projects. Interested to see how this turns out!

Congrats to the grantees! I was one of the 120 applicants who was not selected for this program. But I do hope I could work on something equally as exciting this Fall at my first job.

Honest question: what is wrong with tlslite? Why rewrite the same thing from scratch?

Tlslite is production-grade and it is written by someone with an actual, proven track in the security field.

Congratulations to everyone and I'm especially looking forward to the TLS implementation for Python so I can dump what I'm using now. :)