Nico Williams <[email protected]> writes: >Were you aware of any of the above? If so, could you please explain your >comment in a little bit more detail? If not, then please stop slandering the >GSS-API.
Yes, I was aware of that. You can remove the string "GSS-API" from your comments and replace it with any number of other technologies and the same still holds. To measure "widespread success" I apply the magic-wand test, if you waved a magic wand and all instances of X disappeared, would anyone notice? With CryptoAPI and OpenSSL, where you can barely turn on a computer without running into them at some point, you'd notice fairly quickly. With GSS-API, barely anyone would notice. I did a (admittedly very rough) straw poll at an informal gathering of a bunch of people from banks, ISPs, commercial organisations, telcos, and so on the other day as a litmus test and everyone was aware of, and could name instances where they'd used CryptoAPI (i.e. Windows crypto/security) or OpenSSL that day. Of the few who even knew what GSS-API was, none could recall using it. That's not even in the same league as CryptoAPI and OpenSSL. (I'd bet there were as many people there who had heard of Intercal as GSS-API, although I didn't try a head count). >Perhaps you *dislike* the GSS-API. To be honest I have no opinion on it, because it doesn't have enough impact on anything for me to allocate cycles to it. I'm sorry if you feel I've slighted your pet(?) API in some way and you feel some need to defend its honour, but it's just not that significant. And that's entirely my point. Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
