From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Ada for the TLS/SSL problem?
Date: Wed, 16 Mar 2016 23:18:15 +0100
Date: 2016-03-16T23:18:15+01:00 [thread overview]
Message-ID: <87pouunk2g.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: ncc8e8$1pdm$1@gioia.aioe.org
* Dmitry A. Kazakov:
> On 2016-03-16 18:42, Florian Weimer wrote:
>> * Dmitry A. Kazakov:
>>
>>> On 15/03/2016 21:47, Florian Weimer wrote:
>>>> * Peter Brooks:
>>>>
>>>>> There are still many problems turning up with TSL authentication. It's
>>>>> no particular surprise as even OpenSSL has been using C for this code.
>>>>>
>>>>> Isn't this an opportunity for Ada to really shine?
>>>>
>>>> It's really hard to write a good TLS implementation. Ditching C gets
>>>> rid of just one class of issues (related memory safety).
>>>
>>> At least we could have a better API. GNUTLS design is quite
>>> uncomfortable to use in a "socket-select" environment.
>>
>> That's a consequence of the protocol because any write or read at the
>> application layer can result in arbitrary sequences of reads *and*
>> writes on the socket layer. There is just no nice way to express this
>> in an API.
>
> It could have a state machine design, driven by write-ready read-ready
> events.
It's still very complicated, particularly if you want to leave buffer
management to the caller. See Java's SSLEngine.
next prev parent reply other threads:[~2016-03-16 22:18 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-15 18:46 Ada for the TLS/SSL problem? Peter Brooks
2016-03-15 19:00 ` Shark8
2016-03-15 19:10 ` Peter Brooks
2016-03-15 19:04 ` Shark8
2016-03-15 20:47 ` Florian Weimer
2016-03-16 8:14 ` Dmitry A. Kazakov
2016-03-16 17:42 ` Florian Weimer
2016-03-16 18:25 ` Dmitry A. Kazakov
2016-03-16 22:18 ` Florian Weimer [this message]
2016-03-17 8:14 ` Dmitry A. Kazakov
2016-03-15 21:02 ` Paul Rubin
2016-03-16 4:08 ` Peter Brooks
2016-03-16 6:13 ` Paul Rubin
2016-03-16 12:09 ` Peter Brooks
2016-03-16 17:04 ` Dmitry A. Kazakov
2016-03-16 18:31 ` Peter Brooks
2016-03-16 20:28 ` Dmitry A. Kazakov
2016-03-16 19:57 ` Olivier Henley
2016-03-16 8:42 ` Jacob Sparre Andersen
2016-03-16 8:46 ` Dmitry A. Kazakov
2016-03-16 10:52 ` G.B.
2016-03-16 15:27 ` G.B.
2016-03-16 12:14 ` Peter Brooks
2016-03-16 12:17 ` Bob Butler
2016-04-26 10:42 ` Peter Brooks
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox