On Fri, Jun 24, 2011 at 1:15 AM, Peter Gutmann <[email protected]> wrote: > Nico Williams <[email protected]> writes: >>Were you aware of any of the above? If so, could you please explain your >>comment in a little bit more detail? If not, then please stop slandering the >>GSS-API. > > Yes, I was aware of that. You can remove the string "GSS-API" from your > comments and replace it with any number of other technologies and the same > still holds. > > To measure "widespread success" I apply the magic-wand test, if you waved a > magic wand and all instances of X disappeared, would anyone notice? With > CryptoAPI and OpenSSL, where you can barely turn on a computer without running > into them at some point, you'd notice fairly quickly. With GSS-API, barely > anyone would notice. I did a (admittedly very rough) straw poll at an > informal gathering of a bunch of people from banks, ISPs, commercial > organisations, telcos, and so on the other day as a litmus test and everyone > was aware of, and could name instances where they'd used CryptoAPI (i.e. > Windows crypto/security) or OpenSSL that day. Of the few who even knew what > GSS-API was, none could recall using it. That's not even in the same league > as CryptoAPI and OpenSSL.
The two banks I've worked at use Kerberos, and since they use SSHv2 and want SSH to support Kerberos, they also use GSS (to be fair, they used GSS *before* SSHv2 got GSS support). They also use GSS for other things. At one of those banks they use it particularly extensively. I also know that Lehman used Kerberos and, IIRC, AFS. Other banks I know of also use such technologies. Every bank that uses Active Directory uses Kerberos, and the GSS-like SSPI. And the Kerberos GSS mechanism (through SSPI, on Windows). The native Windows TLS implementation is accessed via SSPI. Most of the people you talked to probably don't know those details. If those things suddenly didn't work, those banks would freak out. That some people you spoke to don't know what GSS is hardly indicative of its actual importance to their business. Microsoft did such a good job of integrating Kerberos, LDAP, DNS, SSPI, and their old NT4 protocols, that most people outside of IT don't really know that using AD means using Kerberos, or what SSPI is, and they rightly shouldn't have to. Let's put it this way: the squeaky wheel gets attention, and OpenSSL is a squeaky wheel (every release being sufficiently incompatible with the previous one as to cause serious headaches for integrators and developers), so of course it gets noticed. >>Perhaps you *dislike* the GSS-API. > > To be honest I have no opinion on it, because it doesn't have enough impact on > anything for me to allocate cycles to it. I'm sorry if you feel I've slighted > your pet(?) API in some way and you feel some need to defend its honour, but > it's just not that significant. And that's entirely my point. My point is that if one is going to design a new API (that's the proposal, isn't it) then one ought to want to avoid the mistakes of the new one's predecessors. You admit knowing little (I think that's what you meant above) about this one API -nothing shameful in that!- and you treat it as if it's not worth knowing anything about it at all based on an informal poll of people who might have had no reason to know anything about it either. Only if your poll were right would that attitude would be defensible. But, you'll say, you're not proposing a new API, certainly not one designed by a committee, or something. The problem I have is that you condemn things of which you admittedly know probably too little to judge. (Incidentally, I read everything you post on the lists we both subscribe to, because when you write about the thinks I know you know what you're talking about, it's always worth reading.) I have no opinion on most of the APIs you mentioned, because I too have limited cycles. I have some opinions about OpenSSL and PKCS#11, and plenty about GSS (I'll tell you all that's wrong with it if you like). I just won't condemn the ones I know nothing about. Nico -- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
