9 thoughts on “Heartbleed

    • Is it? Serious question. I feel like it might be better than OpenSSL, but that’s not a high bar. It’s still written in C, though, with all the issues that involves.

  1. Why are you calling for an OpenSSL replacement to be written in Rust? Please elaborate.

    • Rust is a language with, among other things, guaranteed memory safety. Entire classes of programming errors which have plagued C for decades are not possible by design in Rust. That’s the point, and that’s why Mozilla’s next-generation browser engine is going to be written in it. I am suggesting that we apply some of those excellent qualities to try and make an SSL library that doesn’t have buffer overruns, uninitialized variables, etc.

      • And Rust is designed to make it be straightforward to write code that’s as fast as equivalent C++, which is important.