[Cryptography] Simpler programs?

Bill Frantz frantz at pwpconsult.com
Fri Apr 18 11:54:00 EDT 2014


On 4/18/14 at 12:44 AM, guido at witmond.nl (Guido Witmond) wrote:

>Polaris [1] had it right for Windows. Too bad it wasn't available in
>open source for linux. Is Polaris still for sale?

Polaris was a research project. I don't think it is available. 
(HP is a hardware company, not a software company.)

Plash I think had similarities to Polaris. Capsicum is also 
moving in that direction.

This is an area where it is vital to not let the better be the 
enemy of the good. Incremental improvement is probably the best 
we can hope for.

In this sense, while running each application in its own limited 
authority protection domain is an excellent step forward, 
splitting them into multiple domains is the next logical step. 
Postfix proved a multi-protection domain architecture was 
practical and had significant benefits years ago. If OpenSSL had 
merely separated the public key operations into a separate 
protection domain, people would not have lost their master 
signing key in the last SNAFU.

Even with slow IPC, the message time would be small compared 
with the public key operation time. Ironically, the OpenSSL goal 
most impacted by such an architecture change is portability. I 
would have found it much more work to port OpenSSL to CapROS if 
I had to learn enough about it to port the separate protection domains.

I see two problems: (1) Us. We know programming correct programs 
is hard, but we all say to ourselves, "I can do it!" As a result 
we avoid tools which can help us. We use C, we don't use 
separate protection domains, etc. History shows that, even with 
excellent programmers, this path leads to serious bugs.

The second is marketing. No one seems to want to buy better 
security. It is a checkoff item, like many of the features in 
early Microsoft applications. It has to be there, but it doesn't 
have to work.

One question that might shed light on the marketing problem: Why 
hasn't Postfix completely displaced Sendmail? Perhaps some of 
the Postfix people have some insights.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
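The separate-protection-domain design Bill describes for the signing key, as an added example that is not part of this post or of OpenSSL, Postfix or CapROS: the network-facing front end forks a child that alone loads the key and talks to it only over a length-prefixed pipe protocol. HMAC-SHA256 stands in for the public-key operation, and the key value, the `S`/`V` opcodes and the 4096-byte size limit are constructed assumptions.

```python
import hashlib, hmac, os, struct

KEY_LOADED = False  # lets the front end prove it never loaded the key

def load_key():
    # Constructed sample key; a real deployment reads an HSM or root-only file.
    global KEY_LOADED
    KEY_LOADED = True
    return b"constructed-example-master-signing-key"

def read_msg(f):  # length-prefixed IPC frame; None at EOF
    hdr = f.read(4)
    return f.read(struct.unpack("!I", hdr)[0]) if len(hdr) == 4 else None

def write_msg(f, data):
    f.write(struct.pack("!I", len(data)) + data)
    f.flush()

def key_domain_loop(req, resp):
    # Runs only in the forked child: the sole code that ever touches the key.
    key = load_key()
    mac = lambda m: hmac.new(key, m, hashlib.sha256).digest()
    while (msg := read_msg(req)) is not None:
        op, body = msg[:1], msg[1:]
        if op == b"S" and len(body) <= 4096:      # sign request
            write_msg(resp, mac(body))
        elif op == b"V" and len(body) >= 32:      # verify request: sig || data
            ok = hmac.compare_digest(body[:32], mac(body[32:]))
            write_msg(resp, b"\x01" if ok else b"\x00")
        else:                                     # policy lives next to the key
            write_msg(resp, b"")

class KeyDomain:  # front-end handle: owns two pipe ends, never the key itself
    def __init__(self):
        req_r, req_w = os.pipe()
        resp_r, resp_w = os.pipe()
        self.pid = os.fork()
        if self.pid == 0:                         # child: keep only its own ends
            os.close(req_w); os.close(resp_r)
            key_domain_loop(os.fdopen(req_r, "rb"), os.fdopen(resp_w, "wb"))
            os._exit(0)
        os.close(req_r); os.close(resp_w)         # parent: keep only its own ends
        self.req, self.resp = os.fdopen(req_w, "wb"), os.fdopen(resp_r, "rb")
    def sign(self, data):
        write_msg(self.req, b"S" + data)
        return read_msg(self.resp)                # b"" when the key domain refuses
    def verify(self, data, sig):
        write_msg(self.req, b"V" + sig + data)
        return read_msg(self.resp) == b"\x01"
    def close(self):                              # EOF on the request pipe ends the child
        self.req.close(); self.resp.close()
        return os.waitpid(self.pid, 0)[1]         # 0 on clean exit
```

Because the key is loaded only after `fork()`, a memory-disclosure bug in the front end has no key material to leak, and the rejection of oversized requests shows policy enforced next to the key rather than in the network-facing code.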