> Also, brand new-ness is not just a bad thing; > it also means that rustls can take advantage of modern knowledge on > what areas of TLS are more or less important and more or less > vulnerable.
Several people heavily involved in the TLS standards process are at Mozilla and work on NSS. NSS and BoringSSL are both getting TLS 1.3 implementations that are being tested and debugged, and those implementations' findings are fed back into the standards work. Even if the same is true for rust-tls, it does not seem to be an advantage. At least with TLS 1.3 implementations the age concern mostly goes away. They will all be brand new and contain bugs, but at least the Rust code shouldn't have memory bugs. jack. _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
