It's Time to Abandon Insecure Languages

Arnold G. Reinhold reinhold at world.std.com
Sun Jul 21 17:50:25 EDT 2002


Language wars have been with us since the earliest days of computing 
and we are obviously not going to resolve them here.  It seems to me 
though, that cryptographic tools could be used to improve the 
reliability and security of C++ by providing ways to manage risky 
usages.

I have in mind a modified development environment that detects 
dangerous programming instances like pointer arithmetic, assignments 
in "if" statements, C (as opposed to C++) strings, char array 
declarations, malloc's etc.  Methods where such usage is necessary 
would be signed by the author and one or more reviewers, with the 
signature embedded inside a special comment statement.  The 
development environment would then check whether only approved usages 
are present and, if so, sign the executable file. Final versions of 
code would be built on trusted servers whose compilers could not be 
tampered with and whose private key is not accessible to the 
developers.

Implementing such an environment should not be difficult. No real 
language changes would be involved, beyond reserving a standardized 
comment prefix for signatures. Most programmers would only be able to 
employ safe objects and constructs.  The few instances where 
dangerous usages were really needed would be limited, visible and 
require authorization.

Arnold Reinhold
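Added illustration, not code from the post: a toy checker for the signed-comment scheme sketched above, which flags a few of the listed dangerous usages with regex heuristics and accepts them only inside functions carrying a reviewer signature over their exact text. Assumptions: the reserved prefix `// SIGNED:`, an HMAC with a constructed key standing in for the reviewers' signatures, and a one-function-per-brace-block source layout.

```python
import hashlib
import hmac
import re

# Constructed demo key; assumption: a real deployment would verify reviewers'
# public-key signatures on a build server whose key developers cannot read.
REVIEWER_KEY = b"constructed-demo-reviewer-key"
SIG_PREFIX = "// SIGNED:"  # the reserved comment prefix the post proposes
DANGEROUS = {  # regex heuristics for the "dangerous usages" the post lists
    "malloc": re.compile(r"\bmalloc\s*\("),
    "C string function": re.compile(r"\bstr(cpy|cat)\s*\("),
    "char array": re.compile(r"\bchar\s+\w+\s*\["),
    "assignment in if": re.compile(r"\bif\s*\([^)]*[^=!<>]=[^=]"),
}

def sign_body(body: str) -> str:
    """Reviewer signature over the exact text of one function."""
    return hmac.new(REVIEWER_KEY, body.encode(), hashlib.sha256).hexdigest()

def split_functions(source: str):
    """Yield (signature or None, function text); demo assumes '... (...) {'
    opens a function on one line and '}' alone on a line closes it."""
    lines, i = source.splitlines(), 0
    while i < len(lines):
        sig = None
        if lines[i].startswith(SIG_PREFIX):  # signature comment precedes the function
            sig, i = lines[i][len(SIG_PREFIX):].strip(), i + 1
        if i < len(lines) and "(" in lines[i] and lines[i].rstrip().endswith("{"):
            start = i
            while i < len(lines) and lines[i] != "}":
                i += 1
            yield sig, "\n".join(lines[start:i + 1])
        i += 1

def check_source(source: str) -> list:
    """Return violations; an empty list means the build server may sign the binary."""
    problems = []
    for sig, body in split_functions(source):
        found = [name for name, pat in DANGEROUS.items() if pat.search(body)]
        fn = body.split("(")[0].split()[-1]
        if found and sig is None:
            problems.append(f"{fn}: unsigned use of {', '.join(found)}")
        elif found and not hmac.compare_digest(sig, sign_body(body)):
            problems.append(f"{fn}: signature does not match body (edited after review?)")
    return problems

# Constructed sample: one reviewed-and-signed function, one unreviewed one.
REVIEWED = ("void copy_name(char *dst, const char *src) {\n"
            "    strcpy(dst, src);  // reviewed: caller guarantees dst size\n}")
SAMPLE = (f"#include <cstring>\n{SIG_PREFIX}{sign_body(REVIEWED)}\n{REVIEWED}\n"
          "int count_items(int n) {\n    char buf[64];\n"
          "    if (n = 0) { return -1; }\n    return n;\n}\n")
```

Editing a signed function after review invalidates its signature, so the build is refused until a reviewer re-signs the new text.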

---------------------------------------------------------------------
The Cryptography Mailing List