Horst Herb wrote:
> On Monday 30 July 2007, Andrew McIntyre wrote:
>> It is a fairly standard piece of hardware however and the HIC library is
>> based on OpenSSL so it is doable.
>
> Andrew,
>
> name me one single acceptable reason (any *reasonable* reason at all) why we
> should not have
> a) a simple openly published protocol

The HESA libraries do generate PKCS envelopes, so they are standard.

> b) use OpenSSL directly to implement the protocol

This is possible, but you have to make sure you don't use algorithms not in the HESA library.

> c) use OpenSSL to generate our own keys (and submit them to HeSA then)

This would be ideal, I agree. The API for the keys does have a method to generate a key. My guess is that they felt the process of key upload and signing too onerous and centralized it for convenience. The library should have this built into it, however. This is what we do with our PGP key generation and upload.

> instead of this bullshit of intransparent API libraries, proprietary dongles,
> and 3rd party generated keys.

The API library is just an easier way to do it vs OpenSSL, or at least is supposed to be.

> I am not aware of even a hint of reason behind this nonsense. Simply by
> allowing a, b, and c we could have had ubiquitous use without resistance 5
> years ago.
>
> But no, the brickhead mandarins must have it their way, even if that means
> the system will not be acceptable for the majority of potential participants

At least they are consistent across all areas of responsibility ;-)

Andrew

> Horst

_______________________________________________
Gpcg_talk mailing list
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
