@filippo the difference is clear however. The main reason why I would rather have an open source database is to be able to have my database service managed/maintained by third parties and be able to pay anyone else for the maintaince if I'm not happy with the current vendor. This was possible with AGPL as it's an open source license, it's practically impossible with the SSPL and the intent of the license switch is precisely to make sure the copyright holder has monopoly on offering commercial service and maintenance on the software, much like with other non open source licences.
No reason to especially get outraged however by the SSPL, but the bait and switch method that some vendors used here is frustrating.

@wollman @filippo no reason why you would hear of it in the open-source world since it's not an open-source license ;) (as per OSI definition)

(comic) Great expectations https://workchronicles.substack.com/p/comic-great-expectations-89d

@s31bz a that makes sense, we are indeed not open source. However the code of our apps and extension can be inspected here https://github.com/dashlane

@s31bz how is Dashlane more bigtech than the other? I have been working there for a while (we were ~20 employees when I joined) and I never heard us called "bigtech"

@sc00bz now that you mention it, it's true that it's a bit weird the info parameter is in expand rather than extract but I guess it makes also sense since you can do one extract and expand it several time for different use cases / domains.

Regarding PQ hybrid: as far as I understand, TLS simply replaces the ECDH SS by the concatenation of both SS. The fact that it ends up being the salt of the next KDF appears to be "standard TLS".

@sc00bz awesome! Not a cryptographer myself, but happy to have a look whenever it's ready 👍

@sc00bz about that, when are we getting an rfc and reference implementation for BS-SPEKE? :D

@iamkale I don't think "opaque" means it needs to be random at all, just that you should not give any meaning to it and treat it just as a byte sequence. So I'd say even a counter would work. Of course as usual there are issue with counters, like the fact they leak the size of the table, so a non random db friendly UUID (like V7) could be a solution.

@iamkale feels like those are problems you'd only have on your first project, after that you should have some answers on what you like using. Btw it's c8 now ;)

@filippo Being able to host an SSH CA key to a well known place would be even more useful. When I ssh to host.example.com the CA key would be fetched from example.com/well-known and the host key SSH certificate would be checked against this CA. This avoids having to run a web server on all your hosts. And also SSH certificates are cool ;)