[Cryptography] GnuTLS -- time to look at the diff.
Bill Frantz
frantz at pwpconsult.com
Thu Mar 6 18:25:34 EST 2014
On 3/6/14 at 12:12 AM, hallam at gmail.com (Phillip Hallam-Baker) wrote:
>Coding risk is just another risk and there are different ways to control.
>We have just seen the failure of the open source security argument. There
>are many good reasons to use open source licenses and public domain. But
>publishing the source code does not sprinkle magic security dust over it.
>
>What it does mean is that we have the chance to learn from the error should
>we choose to..
We have a remarkably poor record of learning from past mistakes.
Buffer overruns are a very clear example. We could use
languages, PL/I is one of the early ones, where buffer overruns
are not possible, but we don't. We could use languages where use
after free is impossible, but we don't. etc. We could even do
things with macros, libraries etc., to address these problems,
but we don't.
Admittedly, all these safer languages are implemented in unsafe
languages -- machine language at the bottom. But if we fix a bug
at the language level, we have fixed it for all the applications
written in that language, a much better use of debugging resources.
What we have is a history or having a problem and doing nothing
to solve it. Instead we rely on techniques which don't work,
like code reviews. We are unwilling to accept any solution to
problems, even ones which repeatedly show up in the wild, if it
makes the program slower. It is as if speed trumps correctness.
We also have a serious problem with demonstrating the
correctness of security programs. For must programs we are
interested in what they can do. That is relatively easy to test
for. You try it and if it works the program passes.
With security programs we are mostly interested in what you
can't do. That is much harder to demonstrate through testing.
Sometimes we can turn the problem around into what the program
can do. Can it reject a TLS connection where the signature hash
in the signature isn't actually the hash of the connection setup
exchange. Can it reject a connection where the certificate
presented didn't actually certify the key presented. etc. etc.
But for many issues, the attack hasn't been invented yet.
It is depressing to think that the problem is primarily cultural.
CHeers - Bill
---------------------------------------------------------------------------
Bill Frantz |"After all, if the conventional wisdom was
working, the
408-356-8506 | rate of systems being compromised would be
going down,
www.pwpconsult.com | wouldn't it?" -- Marcus Ranum
More information about the cryptography
mailing list