[19949] in cryptography@c2.net mail archive


GnuTLS (libgrypt really) and Postfix

daemon@ATHENA.MIT.EDU (David Wagner)
Mon Feb 13 10:21:15 2006

X-Original-To: cryptography@metzdowd.com
From: David Wagner <daw@cs.berkeley.edu>
To: cryptography@metzdowd.com
Date: Sun, 12 Feb 2006 19:33:07 -0800 (PST)
Cc: jsd@av8n.com

John Denker <jsd@av8n.com> writes:
>Werner Koch retorted:
>> I disagree strongly here.  Any code which detects an impossible state
>> or an error clearly due to a programming error by the caller should
>> die as soon as possible.  
>
>That is a remarkably unprofessional suggestion.  I hope the people
>who write software for autopilots, pacemakers, antilock brakes,
>etc. do not follow this suggestion.

This just shows the dangers of over-generalization.

Of course, we have to decide which is more important: integrity,
or availability.  I suspect that in the overwhelming majority (perhaps
all) of the cases where libgcrypt is used, integrity is more important
than availability.  If that is true, well, if in doubt, it's better to
fail closed than to fail open.

You rightly point out that there are important applications where
availability is more important than integrity.  However, I suspect
those cases are not too common when building Internet-connected desktop
applications.

I think the attitude that it's better to die than to risk letting an
attacker take control of the crypto library is defensible, in many cases.
Of course, it would be better for a crypto library to document this
assumption explicitly than to leave it up to users to discover it the
hard way, but I would not agree with the suggestion that this "exit before
failing open" stance is always inappropriate.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
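Added example, not part of the thread and not code from libgcrypt or Postfix: a small C illustration of the fail-open versus fail-closed choice argued above, using a simulated entropy source. The entropy source, the `entropy_source_broken` flag and all function names are assumptions constructed for this example; the "die as soon as possible" stance from the quoted message is shown as a third variant that calls abort(), which main() does not invoke so the program runs to completion.

```c
/* Constructed example: fail-open vs fail-closed handling of an entropy
 * failure inside a crypto-library-style helper. Not from the mailing list
 * thread, libgcrypt or Postfix. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Test hook standing in for a real failure (e.g. the OS entropy device
 * being unavailable). Assumed for the example. */
static int entropy_source_broken = 0;

void set_entropy_broken(int broken) { entropy_source_broken = broken; }

/* Simulated entropy source: returns 1 on success, 0 on failure.
 * The bytes are a deterministic stand-in, not real randomness. */
static int read_entropy(uint8_t *buf, size_t len) {
    if (entropy_source_broken) return 0;
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(0xA5 ^ (i * 31));
    return 1;
}

/* Fail-open: ignores the error and reports success anyway. The caller
 * proceeds with an all-zero buffer, and nothing upstream can tell. */
int random_bytes_fail_open(uint8_t *buf, size_t len) {
    memset(buf, 0, len);
    read_entropy(buf, len);   /* return value silently discarded */
    return 0;                 /* always claims success */
}

/* Fail-closed: refuse to hand back a buffer, wipe it, and report the
 * failure so the caller cannot proceed with a bad key by accident. */
int random_bytes_fail_closed(uint8_t *buf, size_t len) {
    if (!read_entropy(buf, len)) {
        memset(buf, 0, len);
        return -1;
    }
    return 0;
}

/* The "die as soon as possible" variant from the quoted message: an
 * entropy failure is treated as an impossible state and the process
 * is terminated rather than trusted to recover. Not called by main(). */
int random_bytes_or_die(uint8_t *buf, size_t len) {
    if (!read_entropy(buf, len)) {
        memset(buf, 0, len);
        abort();
    }
    return 0;
}

/* A caller honouring the contract: no key is produced if the library
 * reports failure. Returns 1 when a key was produced, 0 otherwise. */
int derive_key(uint8_t key[16], int (*rng)(uint8_t *, size_t)) {
    if (rng(key, 16) != 0) {
        memset(key, 0, 16);
        return 0;
    }
    return 1;
}

/* Caller-visible symptom of the fail-open path: an all-zero key. */
int key_is_all_zero(const uint8_t key[16]) {
    uint8_t acc = 0;
    for (int i = 0; i < 16; i++) acc |= key[i];
    return acc == 0;
}

int main(void) {
    uint8_t key[16];
    set_entropy_broken(1);
    printf("fail-open:   key produced=%d, all zero=%d\n",
           derive_key(key, random_bytes_fail_open), key_is_all_zero(key));
    printf("fail-closed: key produced=%d\n",
           derive_key(key, random_bytes_fail_closed));
    return 0;
}
```

With the entropy source broken, the fail-open wrapper lets derive_key() succeed with a key of sixteen zero bytes, which is the integrity loss the message is talking about; the fail-closed wrapper makes the same failure visible to the caller, trading availability for integrity.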
