Don Davis <[EMAIL PROTECTED]> writes: > eric wrote: > > The way I see it, there are basically four options: > > (1) Use OpenSSL (or whatever) as-is. > > (2) Strip down your toolkit but keep using SSL. > > (3) Write your own toolkit that implements a > > stripped down subset of SSL (e.g. self-signed > > certs or anonymous DH). > > (4) Design your own protocol and then implement it. > > > > Since SSL without certificates is about as simple > > as a stream security protocol can be, I don't see > > that (4) holds much of an advantage over (3) > > i agree, except that simplifying the SSL protocol > will be a daunting task for a non-specialist. when > a developer is faced with reading & understanding > the intricacy of the SSL spec, he'll naturally be > tempted to start over. this doesn't exculpate the > developer for biting off more than he could chew, > but it's unfair to claim that his only motivation > was NIH or some other sheer stupidity. I disagree. If someone doesn't understand enough about SSL to understna where to simplify, they shouldn't even consider designing a new protocol.
> btw, i also agree that when a developer decides to > design a new protocol, he should study the literature > about the design & analysis of such protocols. but > at the same time, we should recognize that there's a > wake-up call for us in these recurrent requests for > our review of seemingly-superfluous, obviously-broken > new protocols. such developers evidently want and > need a fifth option, something like: > > (5) use SSSL: a truly lightweight variant of > SSL, well-analyzed and fully standardized, > which trades away flexibility in favor of > small code size & ease of configuration. > > arguably, this is as much an opportunity as a wake-up > call. I'm not buying this, especially in the dimension of code size. I don't see any evidence that the people complaining about how big SSL are basing their opinion on anything more than the size of OpenSSL. I've seen SSL implementations in well under 100k. -Ekr --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
