[Cryptography] Ada vs Rust vs safer C

[Tom Mitchell]

On Tue, Sep 20, 2016 at 12:40 PM, Arnold Reinhold <agr at me.com> wrote:

>
> > On Sep 20, 2016, at 12:29 PM, Jerry Leichter <leichter at lrw.com> wrote:
> >
> >> Ab initio safety improvements would consist of clarification of
>
....

>
> Consider what I said shorthand for what you said. This issue and its
> consequences,

'''''

>
> Possible ways forward include:
>
> * Holding a meeting
> * Engaging some compiler developers in a non-hostile conversation
> * Writing a group letter to FSF
> * Talking to Richard Stallman (I remember when he used to wear an “Impeach
> God” button. That is what we seem to be asking.)
> * Publicizing the issue
> * Going to the standards bodies
> * Starting our own standards organization
> * Forking GCC
> * Looking for funding (grants, Kickstarter, sugar parent, …)
>
> If not now, when?
>

Add one thought to the check list for standards bodies.

It might make sense to require two reference implementations
in two dissimilar programming languages.  This is for critical
features...

This enhances testing as one can validate the other.
Should not need a third... there is no voting.

It does not require tampering with a programming language
that touches the hundred thousand and more binary objects in a system
and a million programmers.

It focuses on a single thing and uses existing
programming languages.   One code base can be slow if that is
what happens but as a pair they could cause the
author and standards folk to think about the design
(and not the code if that makes sense).

It has additional merit in that equal functionality
but different implementations should stay equal with
compiler changes.   Latent bugs from tool chain changes
might surface sooner.
</two-cents>





-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160920/3fdcd40f/attachment.html>