[Cryptography] GnuTLS -- time to look at the diff.

Tom Mitchell mitch at niftyegg.com
Wed Mar 5 19:15:26 EST 2014

On Tue, Mar 4, 2014 at 2:38 PM, andrew cooke <andrew at acooke.org> wrote:

> On Tue, Mar 04, 2014 at 02:04:40PM -0800, Tom Mitchell wrote:
> > GNUTLS-SA-2014-2CVE-2014-0092Certificate verification issue
> [...]
> > http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
> Not sure why this wasn't included in the above (so perhaps I have it
> wrong),
> but

I did not attach the diff because it was so easy to discover and
more importantly the diff is only part of what needs inspection.

As for functional programming languages and libraries
that are linked to "c" and "c++" code the mixing of languages
adds an additional level of confusion to tool chains and library foo
that are already out of hand.  Adding confusion without
clear design goals to simplify in the end is not a win

A problem today is the emotional bound that the SUID single
bit AT&T patent bestows on those that can play in the kernel and
those that can only play outside.

I suspect the tech community needs to rethink modern communication and
computation from the transistor on up.   Today I think of encryption
a lot like I once thought about ECC on data paths and storage.
i.e. interesting, became useful, became necessary.

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140305/27e6e6c9/attachment.html>

More information about the cryptography mailing list