top | item 38986164

(no title)

ludjer | 2 years ago

Do you really want to implement http, ssl and tls; all by your self, what about security hash algorithms? Re inventing the wheel means you also get to go through all the bugs and s purity issue that these open source libraries went through. This is a type of opinion I would expect some one with no understanding about security saying.

discuss

mgaunard|2 years ago

If you're building an application that depends heavily on networking for either its performance or reliability, then yes, you are better off rewriting those components and taking on ownership of hardening them to satisfy your requirements than you are relying on someone else that doesn't know your use case and has no incentive to making it work well making sure it works well for you.

HTTP is fairly trivial as well; if you're afraid of little things like that, you'll never deliver best-in-class software.

lifthrasiir|2 years ago

Assuming you do have enough understanding of secure programming, you can actually forgo most dependencies if you really want. You can ignore most edge cases which have to be implemented if you exactly follow the standard (e.g. HTTP parsing rules), supporting only one ciphersuite that is known to be safe and widely used, and so on. Of course that still doesn't justify the use of assembly.