> IMO, writing security software by doing something that is specifically
not
> documented or guaranteed to work and then trying to fix every problem it
> creates (at least, that you can find) is completely insane.
Guaranteed to work? Who's doing the indemnification?
Security's all about trade-offs. If you can make some simplifying
assumptions that cut out large parts of code you might well be better off.
/r$
--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
