[Haskell-cafe] ANNOUNCE: tls,
native TLS/SSL protocolimplementation
Brandon Moore
brandon_m_moore at yahoo.com
Mon Oct 11 04:41:40 EDT 2010
While I can see your point about potentially introducing new security holes, and producing much less trusted code, I feel having tidy, pure libraries that we can all integrate into our Haskell is a benefit that far outweighs this. Especially when we have nice things like the type system, which can be used to alleviate many of the security worries.
I agree in general, for code like servers and file formats, but I worry in particular about cryptographic primitives. Some side channel attacks seem to call for a very low-level language, to make it easier to verify that e.g. execution time and the memory access pattern does not depend on the key.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.haskell.org/pipermail/haskell-cafe/attachments/20101011/0a97d17d/attachment.html
More information about the Haskell-Cafe
mailing list