[tob_scott_a]

> Carcinize existing C and C++ X.509 users.

This could be game-changing for a lot of open source software.

I spent years avoiding X.509 (and ASN.1, for that matter) in my designs because every time someone I trust poked it, a remotely exploitable bug fell out. Most often, it was a Denial of Service issue rather than Remote Code Execution. Moving to Rust would demonstrably improve the security of the entire Internet.

You might be tempted to ask, "What about BouncyCastle?" (or similar queries).

Sure, you're not overwriting the EIP in most Java X.509 bugs, but check the release notes for X.509 and ASN.1 mentions: https://www.bouncycastle.org/releasenotes.html

When I worked for Amazon, we disclosed a few X.509-related vulnerabilities to projects that we almost found by accident.

[blibble]

how would rust fix most of those issues?

they're logic bugs

[woodruffw]

The "classic" example of this is enums as sum types, rather than a thin wrapper over an integral type: Rust makes it possible to construct in invalid enum variant, whereas plenty of C logic bugs stem from taking untrusted user input and converting it into an enum variant.

My understanding is that Java doesn't allow this directly, but has adjacent historical deficiencies (e.g., not allowing exhaustive enumeration handling until recently).

[tob_scott_a]

woodruffw already wrote an excellent comment for this question: https://news.ycombinator.com/item?id=39131723

Rust isn't just memory-safety. The type system also coaxes developers towards eliminating some types of logic bugs.

Not all, granted, but it does move the needle.

[blibble]

I think that attitude vastly underestimates the complexity of a typical TLS implementation

(and I say this as someone who grew up on SML)

[tob_scott_a]

> I think that attitude vastly underestimates the complexity of a typical TLS implementation

If you ever get the impression that I'm underestimating the complexity of a typical TLS implementation, I promise you that I'm not. I speak to improvements, not panaceas.

Until the end of last year, I was one of the security engineers that the s2n team at AWS consulted on potential security issues. You will never hear me say anything will magically fix all our problems. Especially with TLS.

However, Rust does bring a lot to the table, so I feel I'm allowed to be excited about not reviewing another X.509 library written in C.

[woodruffw]

This reasoning doesn't make sense. If TLS is astonishingly complex, which it is, then we absolutely want the strongest type system that can simultaneously represent its complexity and afford developer ergonomics. TLS's complexity is a good reason for types that reflect invariants, not a good reason to give up.

[blibble]

This reasoning doesn't make sense.

I didn't say it didn't help at all, I said I wouldn't expect it to make a significant improvement over Java

(and it's hardly the strongest type system with "developer ergonomics")

[k8svet]

I'm not even that good at writing Rust and even I recognize that countless libs I'm using are written in a way, with Rust types, that prevent serious mis-use. In ways that would be infeasible and unergonomic in other languages, or require internal library invariant assertions that are prone to bugs.

Sometimes the errors wind up being nasty, but I've also gotten better at trusting that the compiler is giving me helpful info, even if it's a huge message. And usually those errors indicate some library invariant that I've missed that the type system is enforcing.

[otabdeveloper4]

> Moving to Rust would ...

... do absolutely nothing to fix denial of service attacks.

[woodruffw]

I don't think this is true. Rust cannot prevent all possible forms of denial of service, but there are plenty of underlying DoS causes that Rust either outright eliminates (such as memory corruption without further control) or mitigates through stronger types.

A recent example of this is CVE-2024-0567 in GnuTLS: an invariant that otherwise would likely have been noticed at the type level is instead checked with an assert, leading to a remotely trigger-able DoS.

[bagels]

Exploiting a memory safety crash, leading to a downed service, is the first class of DOS that Rust can help with.

[saurik]

Nor the other myriad of logic and parsing bugs that led to incorrect behavior (more than just denial of service) in the Java library that was somehow not as good as Rust :/.

[tob_scott_a]

By itself? No.

The other details covered in the blog post, however, would absolutely do something to fix denial of service attacks.

To wit: x509-limbo