On 07/09/2015 01:47 PM, Andrew Cann wrote: > > I'm not saying the GNUnet devs should all switch to fancy-language-of-the-day, > that's not practical. Just that if they did then security (and bugs in > general) > would pretty much be a solved problem.
Doesn't solve: 1) availability: scalability (i.e. of routing), resistance to DoS / traffic shaping by ISPs / etc. 2) authenticity (of hardware, software and data) 3) bugs in general: compiler/VM may be buggy/compromised, see tons of exploitable Java VM verifier / JIT / runtime bugs over the last 20 years. 4) confidentiality: side channels, disclosure via protocols, meta data leakage (please make sure your GC doesn't leak timing data) 5) usability: user may still not be able to use, or use securely 6) hardware implants (malicious hardware, see ANT catalog) So saying that switching to some fancy language doesn't address *any* of those at all (and that's the short list), so claims that "security would pretty much be a solved problem" by switching to another language are just nonsense. Overblown claims don't help the discussion. That said, I agree with you that Rust might grow into a good choice in the long term -- and it should solve certain minor (!) security problems nicely. But I maintain it won't solve the most critical issues -- like improving scalability/performance, improving usability, or defending against attacks outside of our code base (kernel, dependencies, network neutrality, ISP filtering, compromised hardware/OSes, social engineering, etc.).
0xE29FC3CC.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
