[Cryptography] GnuTLS -- time to look at the diff.

Ben Laurie ben at links.org
Thu Mar 6 23:20:49 EST 2014


On 7 March 2014 01:21, Watson Ladd <watsonbladd at gmail.com> wrote:
> On Thu, Mar 6, 2014 at 3:46 PM, Salz, Rich <rsalz at akamai.com> wrote:
>>> Buffer overruns are a very clear example. We could use languages, PL/I is one of the early ones, where buffer overruns are not possible, but we don't.
>>
>> I don't know about you, but I would rather have an SSL/TLS library that I can call from my C, and other, code that has some bugs than have a bug-free implementation written in some language that I cannot use.
>
> And if you want to get it right, why use C? A bug in your C code could
> look at places it shouldn't, and thus break the whole thing apart.
> There is no reason today to not use memory-safe languages

Of course there is: integration with existing code.

> or isolate
> crypto code from code that can break its security.

How would that have helped with either the Apple SSL or the GnuTLS bugs?

