I wonder what motivation there was to write mozilla::pkix in (old-style) C++ — with the number of memory access bugs, why not use Rust?
@gsnedders 2. Except for parts that are delegated to NSS, mozilla::pkix exclusively uses bounds-checked buffers (class Input) for all input.
@BRIAN_____ 2. Everything being compile-time checked still seems better; 3. Rust's unmangled libraries would work fine, no?
@gsnedders RE 2: I'm very confident about memory safety in mozilla::pkix modulo NSS. We're only missing compiler-checked borrowed pointers.
@BRIAN_____ RE2: Yeah, quite possibly more a theoretical concern than a practical one in this case. Still, "modulo NSS" is plenty!
@gsnedders Most uses of NSS can/will be removed over time. Then almost all (uint8_t*, size_t) will be replaced with mozilla::der::Input&.
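To illustrate the "bounds-checked buffers instead of (uint8_t*, size_t)" design discussed in the thread, here is an added example that is not mozilla::pkix's own code: a simplified Input/Reader pair in the spirit of the class names mentioned, plus a small DER TLV reader built on top of it. The class names Input, Reader and Result, the function names ExpectTagAndGetValue and ParseIntegerInSequence, the 64 KiB length cap and the sample byte strings are all assumptions made for this example. The point it shows is that once parsing code only ever receives an Input, a nested length field that lies about its size is caught by Skip rather than becoming an over-read of the underlying buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Simplified model (not mozilla::pkix's actual classes): Input owns the
// (pointer, length) pair and Reader cursors over it, so parsing code never
// touches a raw uint8_t* and every read is checked against the end pointer.
enum class Result { Success, ErrorBadDER };

class Input {
public:
  Input() : data_(nullptr), len_(0) {}
  Result Init(const uint8_t* data, size_t len) {
    if (!data && len != 0) return Result::ErrorBadDER;
    if (len > 0xffff) return Result::ErrorBadDER;  // assumed cap for this example
    data_ = data; len_ = len;
    return Result::Success;
  }
  size_t GetLength() const { return len_; }
  const uint8_t* UnsafeGetData() const { return data_; }  // only Reader uses this
private:
  const uint8_t* data_;
  size_t len_;
};

class Reader {
public:
  explicit Reader(const Input& input)
    : input_(input.UnsafeGetData()),
      end_(input_ + input.GetLength()),
      pos_(input_) {}
  bool AtEnd() const { return pos_ == end_; }
  Result Read(uint8_t& out) {
    if (pos_ == end_) return Result::ErrorBadDER;
    out = *pos_++;
    return Result::Success;
  }
  // Hands out the next `len` bytes as a new Input, refusing to run past end_.
  Result Skip(size_t len, Input& skipped) {
    if (len > static_cast<size_t>(end_ - pos_)) return Result::ErrorBadDER;
    Result r = skipped.Init(pos_, len);
    if (r != Result::Success) return r;
    pos_ += len;
    return Result::Success;
  }
private:
  const uint8_t* input_;
  const uint8_t* end_;
  const uint8_t* pos_;
};

// Reads one TLV whose tag must equal `tag`; `value` receives the contents.
// Accepts DER short-form and minimal 1- or 2-byte long-form lengths only.
Result ExpectTagAndGetValue(Reader& reader, uint8_t tag, Input& value) {
  uint8_t b;
  Result r = reader.Read(b);
  if (r != Result::Success) return r;
  if (b != tag) return Result::ErrorBadDER;
  r = reader.Read(b);
  if (r != Result::Success) return r;
  size_t len;
  if (b < 0x80) {
    len = b;
  } else if (b == 0x81) {
    r = reader.Read(b);
    if (r != Result::Success) return r;
    if (b < 0x80) return Result::ErrorBadDER;  // non-minimal encoding is not DER
    len = b;
  } else if (b == 0x82) {
    uint8_t hi, lo;
    r = reader.Read(hi);
    if (r != Result::Success) return r;
    r = reader.Read(lo);
    if (r != Result::Success) return r;
    len = (static_cast<size_t>(hi) << 8) | lo;
    if (len < 0x100) return Result::ErrorBadDER;
  } else {
    return Result::ErrorBadDER;  // indefinite or >2-byte lengths rejected
  }
  return reader.Skip(len, value);  // the only place a length touches a pointer
}

// Parses SEQUENCE { INTEGER } and returns the INTEGER's content length,
// or -1 when the input is malformed, truncated, or has trailing bytes.
int ParseIntegerInSequence(const uint8_t* data, size_t len) {
  Input input;
  if (input.Init(data, len) != Result::Success) return -1;
  Reader reader(input);
  Input seq;
  if (ExpectTagAndGetValue(reader, 0x30, seq) != Result::Success) return -1;
  if (!reader.AtEnd()) return -1;
  Reader inner(seq);  // bounded by the SEQUENCE's own length, not the buffer
  Input intValue;
  if (ExpectTagAndGetValue(inner, 0x02, intValue) != Result::Success) return -1;
  if (!inner.AtEnd()) return -1;
  return static_cast<int>(intValue.GetLength());
}

// Constructed sample inputs for this example (not taken from the page).
static const uint8_t kGood[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
// The INTEGER claims 5 content bytes but only 1 remains inside the SEQUENCE.
static const uint8_t kInnerTruncated[] = { 0x30, 0x03, 0x02, 0x05, 0x05 };
static const uint8_t kTrailing[] = { 0x30, 0x03, 0x02, 0x01, 0x05, 0x00 };

int main() {
  std::printf("good: %d\n", ParseIntegerInSequence(kGood, sizeof(kGood)));
  std::printf("inner truncated: %d\n",
              ParseIntegerInSequence(kInnerTruncated, sizeof(kInnerTruncated)));
  std::printf("trailing: %d\n", ParseIntegerInSequence(kTrailing, sizeof(kTrailing)));
  return 0;
}
```

The design choice worth noticing is that Skip is the single point where a length decoded from untrusted bytes is compared against a real pointer range; everything above it works in terms of Input values whose lengths were already validated, which is what makes "all input goes through Input" a meaningful memory-safety claim rather than a convention.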