From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!mx02.eternal-september.org!feeder.eternal-september.org!news.szaf.org!news.enyo.de!.POSTED!not-for-mail
From: Florian Weimer <fw@deneb.enyo.de>
Newsgroups: comp.lang.ada
Subject: Re: Ada for the TLS/SSL problem?
Date: Tue, 15 Mar 2016 21:47:30 +0100
Message-ID: <8737rrsc2l.fsf@mid.deneb.enyo.de>
References: <5011d79c-aaad-464e-a68e-c31a2738a820@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: news.enyo.de 1458074850 24802 192.168.18.20 (15 Mar 2016 20:47:30
 GMT)
X-Complaints-To: news@enyo.de
Cancel-Lock: sha1:0ZW516VfzHagakQMxBZd1Xhvf2w=
Xref: news.eternal-september.org comp.lang.ada:29788
Date: 2016-03-15T21:47:30+01:00
List-Id: <comp.lang.ada>

* Peter Brooks:

> There are still many problems turning up with TSL authentication. It's
> no particular surprise as even OpenSSL has been using C for this code.
>
> Isn't this an opportunity for Ada to really shine?

It's really hard to write a good TLS implementation.  Ditching C gets
rid of just one class of issues (related memory safety).  All the
cryptography problems remain mostly unchanged.  This concerns both
low-level issues (such as avoiding informnation leaks due to timing
and other mishaps) and high-level design issues in TLS itself.