[cryptography] Is it time for a revolution to replace TLS?
michael at briarproject.org
Wed May 28 06:24:00 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 28/05/14 10:54, Mansour Moufid wrote:
> On Fri, 2014-04-25 at 09:28 -0700, Tony Arcieri wrote:
>> There's an entire class of memory safety bugs which are possible
>> in C but not possible in Rust. These also happen to be the class
>> of bugs that lead to Heartbleed-like secret leakage or remote
>> code execution vulnerabilities.
> It seems we've come to the programming version of the possibilism
> versus "revolution or nothing" debate. In politics anyway, the
> latter attitude leads to nothing rather than revolution.
I don't think anyone's suggesting that we should rewrite all existing
software in Rust (the equivalent of revolution). But it's quite
possible to stop writing new software in C. Then we just have to wait
50 or 100 years for most of the existing C code to fall out of use,
and we'll have a somewhat improved security landscape. Hooray!
I need a drink.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the cryptography