[Haskell-cafe] ANNOUNCE: tls, native TLS/SSL protocol implementation
ganesh.sittampalam at credit-suisse.com
Mon Oct 11 04:06:45 EDT 2010
Vincent Hanquez wrote:
> On Fri, Oct 08, 2010 at 12:54:48PM +0100, Sittampalam, Ganesh wrote:
>> What's the motivation for this?
> Well, I wanted to have a tls/ssl module that integrates nicely with
> until then the 2 solutions were:
> - shelling out to curl: that's not great, usually works until you
> have an error, and then you're greeted with a curl command line
> error. The control is pretty poor; what if you want fancy
> certificate control? Also, you have absolutely no server support in
> this case; this is client only.
> - using either gnutls or openssl bindings: there are multiple reasons
> this is not great:
> depending on huge C libraries (security wise, platform wise), massive
> usage of IO even in places where it shouldn't be, low hacking potential
> (adding ciphers/hash, etc).
> Apart from that, we all know here why programming in haskell is
> better than doing the same thing in, say, C or python. I think it
> applies even more when the focus of this is a secure library.
While I agree with the potential benefits, I also worry that you will
end up making something that is far less well tested in practice. For
widely used and fairly low-level libraries like gnutls, openssl and
zlib, I'm just skeptical that the benefits outweigh the risks and costs.
Anyway, it's just a feeling. Please do prove me wrong :-)