[148951] in cryptography@c2.net mail archive
Re: [Cryptography] defaults, black boxes, APIs,
daemon@ATHENA.MIT.EDU (John Gilmore)
Mon Jan 6 18:23:34 2014
X-Original-To: cryptography@metzdowd.com
To: ianG <iang@iang.org>
In-reply-to: <52CA49F1.7000707@iang.org>
Date: Mon, 06 Jan 2014 12:13:22 -0800
From: John Gilmore <gnu@toad.com>
Cc: Jerry Leichter <leichter@lrw.com>,
Cryptography Mailing List <cryptography@metzdowd.com>,
Phillip Hallam-Baker <hallam@gmail.com>,
Jonathan Thornburg <jthorn@astro.indiana.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
> +1 on the competition approach, all the above.
>
> Why not narrow it down? PDF however is a huge project. Pick the one
> thing that we all seem to revert to in any secure code discussion:
>
> buffer overflows in C.
>
> Design the mod to current C language/libraries that best addresses the
> syndrome.
This has already been done. No change to the C language or libraries
is required; the ANSI C committee was diligent in defining the
language to only work when your reach didn't exceed your grasp.
"Saber C" and "valgrind" already implement this. Saber C is now known
as CodeCenter, and its C++ variant is ObjectCenter. It is a
commercial product of Integrated Computer Solutions, which bought it
from Centerline Software and now seems to have stuck it on a shelf:
https://www.cs.cmu.edu/afs/cs.cmu.edu/academic/class/15211/spring.96/www/tutorial.html
http://motif.ics.com/products/codecenter
> Open competition. No rules. Big prize of open endowment for
> academic/research project... (Format already known & practiced.)
You will need rules. If only that "the awarding of the prize will
be at the entire discretion of XXXX". Else we'd just be handing
the prize to a twenty year old compiler (CodeCenter) that's sitting
on a dusty shelf without anyone using it.
> Anyone got a spare mil?
I may know where one can be found, for a good competition.
John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
