[cryptography] Is it time for a revolution to replace TLS?

Michael Rogers michael at briarproject.org
Wed May 28 06:24:00 EDT 2014


On 28/05/14 10:54, Mansour Moufid wrote:
> On Fri, 2014-04-25 at 09:28 -0700, Tony Arcieri wrote:
> 
>> There's an entire class of memory safety bugs which are possible
>> in C but not possible in Rust. These also happen to be the class
>> of bugs that lead to Heartbleed-like secret leakage or remote
>> code execution vulnerabilities.
> 
> It seems we've come to the programming version of the possibilism
> versus "revolution or nothing" debate.  In politics anyway, the
> latter attitude leads to nothing rather than revolution.

I don't think anyone's suggesting that we should rewrite all existing
software in Rust (the equivalent of revolution). But it's quite
possible to stop writing new software in C. Then we just have to wait
50 or 100 years for most of the existing C code to fall out of use,
and we'll have a somewhat improved security landscape. Hooray!

I need a drink.

Cheers,
Michael

