Programming language for anonymity network

[Stevens Le Blond]

Hello,

We are a team of researchers working on the design and implementation of
a traffic-analysis resistant anonymity network and we would like to
request your opinion regarding the choice of a programming language /
environment. Here are the criteria:

1) Familiarity: The language should be familiar or easy to learn for
most potential contributors, as we hope to build a diverse community
that builds on and contributes to the code.

2) Maturity: The language implementation, tool chain and libraries
should be mature enough to support a production system.

3) Language security: The language should minimize the risk of security
relevant bugs like buffer overflows.

4) Security of runtime / tool chain: It should be hard to
inconspicuously backdoor the tool chain and, if applicable, runtime
environments.

To give two concrete examples:

Using the C language + deterministic builds is an attractive option with
respect to 1), 2) and 4), but doesn’t provide much regarding 3).

Java does better with respect to 3), however, it trades some of 3) and
4) as compared to C. Specifically, we are concerned that large runtimes
may be difficult to audit. A similar argument may apply to other
interpreted languages.

Given these criteria, what language would you choose and for what
reasons? We would also appreciate feedback regarding our criteria.

All the best,
David, Nick, Peter, Stevens, and William

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140418/3c5a85fe/attachment.sig>