Hi DRC! Sorry, I didn’t mean to advocate a monoculture in a vacuum. My point was delivered much more eloquently by Roland: Given the set of practical issues we’re worried about today, delivering a service via multiple codebases certainly isn’t a magic bullet. Upon closer inspection heterogeneity might reduce exposure to catastrophe much less than you’d expect. Or more likely, have a multiplicative effect instead.
For a simple example, if my business depended on PKI, would I have gained security and reliability over the last few years by using both OpenSSL and GnuTLS? Would adding in native OSX and Windows frameworks have reduced my exposure or multiplied my risks?

Cheers,
matto

> On Dec 14, 2014, at 2:52 PM, David Conrad <d...@virtualized.org> wrote:
>
> On Dec 14, 2014, at 12:28 PM, Matthew Ghali <mgh...@snark.net> wrote:
>
>> How does code diversity fix protocol vulns?
>
> Because different people implement the protocol differently (as evidenced by
> the above)?
>
> Of course, one might argue that the fact that there were different behaviors
> might suggest a bug in the protocol specification, but that doesn't argue
> against code diversity. Code diversity is to help mitigate implementation
> bugs.
>
> Regards,
> -drc
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs