
On 2013-11-03 17:48, Scott Lawrence wrote:
One could argue that the potential for a false sense of security could make (very) bad encryption worse than no encryption.
Well. No, a false sense of security is bad, however it has no link with your absolute level of security. Even bad cryptographic implementations provide some security in a sense, at worst by obscurity (which is very poor security, but not zero), and in the best case (of the bad) a rather hard problem for resource-less people. Now I'm not saying that bad implementations are OK, and certainly I hope that's not the case in tls, but in the context where we got nothing, just as John Wiegley rightfully mentioned, the risk is quite small. It's rather sad to see the "I'd rather have *no* security whatsoever, than maybe have some" hard line.
Personally, I've always been a bit uncomfortable with the small number of widely-used implementations (AFAIK OpenSSL and GnuTLS combined account for pretty much all TLS-using open-source software), and I think pushing another one into wider usage would be a good thing (while acknowledging that it's likely more vulnerable than the older implementations).
That, and also that half of the OpenSSL CVEs in the past 20 years were buffer overflows/underflows. Nothing to do with cryptography, but rather just simple memory management. I think this has got to give some security points for a (mostly) Haskell implementation.

-- Vincent