Jill Ramonsky wrote:
> Too late. I've already started. Besides which, posts on this group
> suggest that there is a demand for such a toolkit.

I think there's demand in the sense that there's demand for free
lunches. People would like the inherent complexity to go away, because
they can see that there's a way simpler API that addresses _their_
problem, but I fear that a good deal of the complexity in TLS is not
removable, so all that will happen is that the API will be unsuitable
for almost everyone else's problem - or it'll still be complex.

There must be a reason that OpenSSL is popular despite its disgusting
API and appalling documentation[1]. I hypothesize its because if you
think about it a while you can get it to do almost anything.

Its also worth considering that most applications of TLS need other
crypto primitives (it seems to me), so merely replacing the TLS part
doesn't actually help most people.

Anyway, that said, there's certainly room for something that does
everything OpenSSL does, only nicely.



[1] People have wondered in the past why I maintain OpenSSL if I have
such a low opinion of it - the answer is I do it because somebody has
to. Or to plagiarise someone else's witticism: the only thing that's
worse than OpenSSL is all the alternatives.

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to