On Fri, 10 Jun 2005, Rich Salz wrote:

         I don't want to have to re-implement Apache in order to do
         an SSL implementation. ...

Those analogies aren't apt.  XML is a data format, so it's more like
        I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsensical complaint.

Now there's an ironic counterargument. I wrote a pure perl SSL implementation a while back, but ultimately had to shell out to openssl for the X.509 parsing because it was more complicated than SSL itself, and was poorly documented to boot. Niels Ferguson also trashes it in Practical Cryptography.

I have friends in ecommerce who consider XML such a tar pit that they're reluctant to even hire people who think it's a good idea. So it's easy for me to believe Peter when he says that they're problematic for crypto.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to