@djco I read the notes but I don’t see the connection to the conclusion. Can you enlighten a rust n00b? (No worries if not)
-
-
Replying to @janl
they're discussing old-school C crypto libraries as the solution for TLS going forward, whereas some think that Rust would be better.
2 replies 0 retweets 0 likes -
the point is that Rust is supposed to be better for this kind of thing, and there are efforts out there to start a Rust TLS stack.
1 reply 0 retweets 0 likes -
Replying to @djco
right, but why the conclusion that Moz has 0 confidence in Rust being useful for that?
1 reply 0 retweets 0 likes -
Replying to @janl
it's maybe a strong statement. I think Rust would prevent many bugs that would lead to security problems; Mozilla should invest.
1 reply 0 retweets 0 likes -
Replying to @djco
yeah, that’s my understanding too, and I’d like to see that, too
1 reply 0 retweets 0 likes -
Maybe Rust is better, apples-to-apples. But writing a security library from scratch? That vs. OpenSSL?
2 replies 0 retweets 0 likes
*ring* is based on BoringSSL. Increasingly less so as we do more in Rust. But all the low-crypto (e.g. AES) is OpenSSL's.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.