[Moderator's note: I've been choking back the LibTomNet argument but I thought Steve's specific references here are interesting, even if the point has already been made. --Perry]
In message <[EMAIL PROTECTED]>, tom st denis writes:

> The RFC looks like it was written by a member of the ACLU and done at
> an hourly rate of some sort. It contains no test vectors, no sample
> source code and generally is not enough information to code a compliant
> SSL protocol.

What does the ACLU have to do with it? "Be liberal in what you accept?"

> Not only is my code way smaller than a compliant SSL library but it is
> also simpler. There are only eight functions in LibTomNet and of
> LibTomCrypt you only need a half dozen at most [setup the prng, RSA key
> gen, export/import]. In other words my code is [should be] very easy to
> work with since there is a minimum of clutter to get in the way.

Tom, I don't know you, and I don't know what your background in crypto protocol design is. It's an *exceedingly* subtle art.

A few months ago, I went back and reread the original Needham-Schroeder paper, from December 1978. It is, as far as I know, the first paper in the open literature on cryptographic protocols. In it, the authors warn that they think that this is a very difficult area, and that subtle flaws will occur. That's one of the more amazing instances of prescience I've seen.

Let me briefly review the history of that protocol. As I said, it was published in December, 1978. It had symmetric and asymmetric versions of the protocol. The latter -- taking into account certificates, which had not yet been invented -- was only three lines long. In August 1981, Denning and Sacco published a paper describing a comparatively subtle flaw in the protocol; they also proposed a fix. In 1994, Abadi and Needham described a flaw in the Denning/Sacco replacement. (That flaw might have been described in 1987, but I'm traveling and don't have my library with me...) In 1996, a new flaw was found in the original Needham-Schroeder asymmetric variant -- a flaw that was blindingly obvious once pointed out.
Tell me -- why should anyone trust your new protocol, given the history of one of the most-studied protocols in the field? SSLv3 has had a lot of scrutiny. Has yours?

> At any rate LibTomNet is not an SSL replacement. It's a library for
> developers who need simple to work with secure sockets.

That's what SSL is.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]