[Haskell-cafe] ANNOUNCE: tls, native TLS/SSL protocolimplementation

Sittampalam, Ganesh ganesh.sittampalam at credit-suisse.com
Mon Oct 11 04:06:45 EDT 2010


Vincent Hanquez wrote:
> On Fri, Oct 08, 2010 at 12:54:48PM +0100, Sittampalam, Ganesh wrote:
>> What's the motivation for this?
> 
> Well, I wanted to have a tls/ssl module that integrate nicely with
> haskell. 
> until then the 2 solutions were:
> 
> - shelling out to curl: that's not great, usually works until you
> have an error, and then you're greeted with a curl command line
> error. the control is pretty poor, what if you want a fancy
> certificate control ? Also you have absolutely no server support in
> this case, this is client only.    
> 
> - using either gnutls or openssl bindings: there's multiples reasons
> this is not great. 
> depending on huge C libraries (security wise, platform wise), massive
> usage of IO even in place where it shouldn't, low hacking potential
> (adding ciphers/hash, etc).  
> 
> Apart from that, we all know here why programming in haskell is
> better than doing the same thing in says, C or python. I think it
> apply even more when the focus of this is a secure library.  

While I agree with the potential benefits, I also worry that you will
end up making something that is far less well tested in practice. For
widely used and fairly low-level libraries like gnutls, openssl and
zlib, I'm just skeptical that the benefits outweigh the risks and costs.

Anyway, it's just a feeling. Please do prove me wrong :-)

Cheers,

Ganesh

=============================================================================== 
Please access the attached hyperlink for an important electronic communications disclaimer: 
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html 
=============================================================================== 



More information about the Haskell-Cafe mailing list