--- Eric Rescorla <[EMAIL PROTECTED]> wrote:
> [Standard rant follows... :)]
> I'm trying to figure out why this is a good idea even in principle.

Maybe it's just me but SSL is overly complicated. I've been dabbling with crypto since I was sixteen. I've written several popular libs already [LibTomCrypt and LibTomMath] so while I'm not a PhD in crypto I think I'm fairly competent enough to sit down and implement an algorithm per specs [to a limit].

Two weeks ago I sat down to learn how to code my own SSL lib [key on being small]. Suffice it to say after reading the 67 page RFC for SSL 3.0 I have no clue whatsoever how to implement SSL. The RFC looks like it was written by a member of the ACLU and done at an hourly rate of some sort. It contains no test vectors, no sample source code and generally is not enough information to code a compliant SSL protocol.

So I wrote LibTomNet. It provides exactly what I wanted and is very simple to understand and work with.

> I've seen <100k SSL implementations and that included the ASN.1
> processing for certs. I would imagine that one could do a compliant
> SSL implementation that used fixed RSA keys in roughly the same
> code size as your stuff.

My 64KB demo includes the server, the client, all the crypto [including a full RSA implementation] and the LibTomNet protocol. I could make the demo smaller by manually trimming LibTomCrypt.

Not only is my code way smaller than a compliant SSL library but it is also simpler. There are only eight functions in LibTomNet and of LibTomCrypt you only need a half dozen at most [set up the prng, RSA key gen, export/import].

In other words my code is [should be] very easy to work with since there is a minimum of clutter to get in the way. I mean just download a copy [v0.03 is the latest] and check out the demo [demos/ex1.c]!

At any rate LibTomNet is not an SSL replacement. It's a library for developers who need simple to work with secure sockets.

Tom
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
