John Denker <[EMAIL PROTECTED]> writes: >Werner Koch retorted: >> I disagree strongly here. Any code which detects an impossible state >> or an error clearly due to a programming error by the caller should >> die as soon as possible. > >That is a remarkably unprofessional suggestion. I hope the people >who write software for autopilots, pacemakers, antilock brakes, >etc. do not follow this suggestion.
This just shows the dangers of over-generalization. Of course, we have to decide which is more important: integrity, or availability. I suspect that in the overwhelming majority (perhaps all) of the cases where libgcrypt is used, integrity is more important than availability. If that is true, well, if in doubt, it's better to fail closed than to fail open. You rightly points out that there are important applications where availability is more important than integrity. However, I suspect those cases are not too common when building Internet-connected desktop applications. I think the attitude that it's better to die than to risk letting an attacker take control of the crypto library is defensible, in many cases. Of course, it would be better for a crypto library to document this assumption explicitly than to leave it up to users to discover it the hard way, but I would not agree with the suggestion that this "exit before failing open" stance is always inappropriate. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
