On Thu, Jun 23, 2011 at 1:03 AM, Peter Gutmann <[email protected]> wrote:
> Marsh Ray <[email protected]> writes:
>
>>OK, but when one of the buckets has 0 observations in it what is it proving
>>exactly?
>
> That no successful crypto API has ever been designed by a committee? We have
> (at least) CDSA, TCG, and GSS-API, and none of those have seen any significant
> adoption (by "significant" I mean at the same level as CryptoAPI, OpenSSL,
> etc).

You can repeat that mantra as much as you like, but repetition won't make it true, at least not with regard to GSS.

Every Unix-like OS ships with a GSS-API implementation and it gets used by a large number of applications. I've seen *many* proprietary apps that use it. Plus there's a fair number of Internet application protocols that use it. The most popular Internet GSS application is SSHv2 -- yes, in the enterprise world SSHv2 with GSS is extremely popular, and one of the most requested features for years in OpenSSH and PuTTY before they added support for it.

Windows' SSPI is extremely similar to the GSS-API. Plus on Windows the SSPI *is* the API to TLS (and SASL)! And to top that off, when used to access GSS mechanisms, the SSPI is wire-compatible with the GSS-API. Any SSPI developer will be able to use the GSS-API with ease, and there are *many* SSPI applications (many more still than there are GSS applications, no doubt).

Are there as many developers familiar with GSS as with OpenSSL, or who reach for GSS before OpenSSL? No. Does that make it a failure? Not at all, especially when you factor in the number of SSPI developers.

Were you aware of any of the above? If so, could you please explain your comment in a little bit more detail? If not, then please stop slandering the GSS-API.

Perhaps you *dislike* the GSS-API. I would appreciate some detailed comments as to what's wrong with it (besides "it was designed by committee") -- I'd like to know what's wrong with it so we can make it better, or even to make its successor better.

Nico
--
