[Haskell-cafe] ANNOUNCE: tls, native TLS/SSL protocolimplementation

Brandon Moore brandon_m_moore at yahoo.com
Mon Oct 11 04:41:40 EDT 2010


While I can see your point about potentially introducing new security holes, and producing much less trusted code, I feel having tidy, pure libraries that we can all integrate into our Haskell is a benefit that far outweighs this.  Especially when we have nice things like the type system, which can be used to alleviate many of the security worries.

I agree in general, for code like servers and file formats, but I worry in particular about cryptographic primitives. Some side channel attacks seem to call for a very low-level language, to make it easier to verify that e.g. execution time and the memory access pattern does not depend on the key.


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.haskell.org/pipermail/haskell-cafe/attachments/20101011/0a97d17d/attachment.html


More information about the Haskell-Cafe mailing list