[Cryptography] GnuTLS -- time to look at the diff.
Watson Ladd
watsonbladd at gmail.com
Thu Mar 6 20:21:14 EST 2014
On Thu, Mar 6, 2014 at 3:46 PM, Salz, Rich <rsalz at akamai.com> wrote:
>> Buffer overruns are a very clear example. We could use languages, PL/I is one of the early ones, where buffer overruns are not possible, but we don't.
>
> I don't know about you, but I would rather have an SSL/TLS library that I can call from my C, and other, code that has some bugs. Then have a bugfree implementation written in some language that I cannot use.
And if you want to get it right, why use C? A bug in your C code could
look at places it shouldn't, and thus break the whole thing apart.
There is no reason today to not use memory-safe languages or isolate
crypto code from code that can break its security.
>
> /r$
>
> --
> Principal Security Engineer
> Akamai Technology
> Cambridge, MA
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
More information about the cryptography
mailing list