From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD, FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!au2pb.net!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!peer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!fx14.iad.POSTED!not-for-mail From: Shark8 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:32.0) Gecko/20100101 Thunderbird/32.0a1 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Ada's ranking of popularity at IEEE Spectrum References: <72b1318a-2eb6-4129-af9b-5bcfbb329c5b@googlegroups.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Message-ID: X-Complaints-To: abuse@teranews.com NNTP-Posting-Date: Fri, 11 Jul 2014 01:15:27 UTC Organization: TeraNews.com Date: Thu, 10 Jul 2014 19:15:30 -0600 X-Received-Bytes: 3073 X-Received-Body-CRC: 3353209078 Xref: news.eternal-september.org comp.lang.ada:20858 Date: 2014-07-10T19:15:30-06:00 List-Id: On 10-Jul-14 18:16, Simon Clubley wrote: > On 2014-07-10, Marius Amado-Alves wrote: >>> My current number one example: implementing OpenSSL in Ada is exactly >>> the kind of thing Ada would be good at. Unfortunately, it's also not >>> practical. >> >> On the contrary, it would be very practical to have AWS working well with SSL... >> I was never able to do that on Windows. >> AWS is a great lib, but horrible at installing. > > A requirement behind rewriting OpenSSL would be to enable it's use in > _all_ the operating systems and platforms which currently use OpenSSL. > If this isn't the case, your replacement is destined to remain a niche > and generally forgotten product. It would also need to be compatible > with OpenSSL's API. What is the cost of writing an API compatibility layer compared to that of a formally verified implementation of SSL? What is the difficulty level of presenting the SSL-implementation in a manner that conforms to OpenSSL's API? > > While I focused on OpenSSL in my comments, Ada (as a language) would > also be a good choice for replacing the client side SSL libraries such > as Firefox's use of NSS. If the effort to implement the protocol with formal verification is made, then it only makes sense to do both client and server implementations -- the tests for each would of necessity use the other. > > Unfortunately the same issues apply here because unless your SSL client > library replacement can operate in all the same environments as the C > language library it would replace, then it's destined to remain a niche > and forgotten product. > > Simon. > Ridiculous -- even without availability on *every* system a secure SSL implementation would be welcome in servers by businesses concerned w/ security. As an example, the formally verified DNS Ironsides was usable even when it did not support the recursive form of DNS -- now that it handles both the authoritative and recursive forms there is little to prevent adoption by [small] businesses. (I know of one semi-locally that'll be switching over, says the BIND configuration he has now is rather complex and finicky.)