[Cryptography] GnuTLS -- time to look at the diff.

Watson Ladd watsonbladd at gmail.com
Thu Mar 6 20:21:14 EST 2014

On Thu, Mar 6, 2014 at 3:46 PM, Salz, Rich <rsalz at akamai.com> wrote:
>> Buffer overruns are a very clear example. We could use languages, PL/I is one of the early ones, where buffer overruns are not possible, but we don't.
> I don't know about you, but I would rather have an SSL/TLS library that I can call from my C, and other, code that has some bugs. Then have a bugfree implementation written in some language that I cannot use.

And if you want to get it right, why use C? A bug in your C code could
look at places it shouldn't, and thus break the whole thing apart.
There is no reason today to not use memory-safe languages or isolate
crypto code from code that can break its security.

>         /r$
> --
> Principal Security Engineer
> Akamai Technology
> Cambridge, MA
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

More information about the cryptography mailing list