by dexen 1963 days ago
There is a lot of "right side of history" / "get with the program" smugness coming from the Rust camp, this bug report and other discussions. Claims of improved security are used as an ultimate, unbeatable-by-definition, trump card.

This might prove right eventually - or might very well end up just like Java, for which similar claims were made. The smugness around Java was moderated a bit by the more corporatey image of it, but the gist was quite similar nonetheless. Let's just say openly: the smugness is using up a lot of natural goodwill, and generating its own pushback. As there's no widely acknowledged "equal competitor" to Rust (why?), something feels "off" about the whole situation.

3 comments

One of the devs did say "C is a bad language to implement parsers for e.g. ASN.1". Unfortunately, there are enough examples out there [0] to prove him right. Not all of them will be mitigated by Rust (e.g. something like CVE-2019-17359), but it's probably worth it long-term (idk, I don't feel the pain of security issues day-to-day, only occasionally).

[0] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asn.1

To add data on the Rust side:

https://github.com/rust-fuzz/trophy-case

there are a few Rust ASN implementations. They've been caught running out of memory and having arithmetic overflows, but no segfaults or use-after-frees. Rust doesn't prevent all problems, but things that slip through tend to be less severe.
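As an added example (not code from this thread or from the rust-fuzz projects), here is a minimal DER tag/length decoder in Rust that guards against the two failure modes the comment above names: arithmetic overflow while accumulating a multi-byte length, and allocating for a length larger than the input. All sample bytes are constructed.

```rust
// Added example, not code from the thread or from any project mentioned in it.
// Decodes one DER tag/length header with checked arithmetic and a bounds check
// before any caller could allocate based on the length. Inputs are constructed.

#[derive(Debug, PartialEq)]
pub enum DerError { Truncated, BadLength, LengthOverflow }

/// Parse one DER element header; returns (tag, content_length, header_length).
pub fn parse_der_header(buf: &[u8]) -> Result<(u8, usize, usize), DerError> {
    let tag = *buf.first().ok_or(DerError::Truncated)?;
    let first = *buf.get(1).ok_or(DerError::Truncated)?;
    if first & 0x80 == 0 {
        // Short form: a single length byte holding a value below 128.
        return fits(tag, first as usize, 2, buf.len());
    }
    // Long form: the low 7 bits give the number of length bytes that follow.
    // 0x80 (indefinite length) is BER-only and is rejected for DER.
    let n = (first & 0x7f) as usize;
    if n == 0 { return Err(DerError::BadLength); }
    let bytes = buf.get(2..2 + n).ok_or(DerError::Truncated)?;
    // DER requires the minimal encoding: no leading zero byte, and the long
    // form may only be used for lengths of 128 or more.
    if bytes[0] == 0 || (n == 1 && bytes[0] < 0x80) {
        return Err(DerError::BadLength);
    }
    // Accumulate with checked arithmetic; silent wrapping here is exactly the
    // overflow class fuzzers keep finding in length decoders.
    let mut len: usize = 0;
    for &b in bytes {
        len = len.checked_mul(256).and_then(|v| v.checked_add(b as usize))
            .ok_or(DerError::LengthOverflow)?;
    }
    fits(tag, len, 2 + n, buf.len())
}

/// Refuse a header whose content would run past the buffer, so nothing downstream reserves memory for an attacker-chosen length.
fn fits(tag: u8, len: usize, hdr: usize, avail: usize) -> Result<(u8, usize, usize), DerError> {
    match hdr.checked_add(len) {
        Some(total) if total <= avail => Ok((tag, len, hdr)),
        _ => Err(DerError::Truncated),
    }
}

fn main() {
    // Constructed samples: a valid 5-byte OCTET STRING header, then a header claiming 256 bytes with none present.
    println!("{:?}", parse_der_header(&[0x04, 0x05, 1, 2, 3, 4, 5]));
    println!("{:?}", parse_der_header(&[0x04, 0x82, 0x01, 0x00]));
}
```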

One could ask whether Python would have been an option for writing the parser. There is for example the asn1crypto library, which is pure Python.
I'd have to assume the issue there is really speed.

Edit: @alex made a much better comment here:

https://github.com/pyca/cryptography/issues/5771#issuecommen...

One point that I didn't think of, but makes a ton of sense:

> There's no way to implement constant-time code in pure Python securely

> Claims of improved security are used as an ultimate, unbeatable-by-definition, trump card.

Having an authoritarian tone seems to be a prerequisite for being in the security industry. Unfortunately.

Many users care much more about working software than they do secure software until suddenly they have a major live exploit on their stuff. This causes many people in the security world to get very tired of the whiplash cycle of "No we don't want to fix this issue it's probably minor" until "Oh my god, why didn't you fix this it caused us millions of dollars in losses" hits.

Especially in the security hardware world, getting customers to upgrade is like pulling teeth.

> there's no widely acknowledged "equal competitor" to Rust

This is largely a myth.

Please tell me who this "equal competitor" is. I would like to compare it to Rust.
It would be hard to find a thing you can do in Rust that cannot be equally well or better done in C++.

Any safety that can be provided by a library+Rust can be provided by another library+C++, with only a different apportionment of responsibility between library and language.