Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-12 Thread Perry E. Metzger
[Moderator's note: Forwarded anonymously at the sender's request, so if you reply to this, please cut my name out of it, it isn't my message --Perry] -- Perry, please forward anonymously. On Friday, Oct 10, 2003, at 22:48

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread Ben Laurie
Peter Clay wrote: On Thu, 9 Oct 2003, Peter Gutmann wrote: I would add to this the observation that rather than writing yet another SSL library to join the eight hundred or so already out there, it might be more useful to create a user-friendly management interface to IPsec implementations

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-09 Thread Peter Clay
On Thu, 9 Oct 2003, Peter Gutmann wrote: I would add to this the observation that rather than writing yet another SSL library to join the eight hundred or so already out there, it might be more useful to create a user-friendly management interface to IPsec implementations to join the zero or

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-09 Thread Peter Gutmann
Peter Clay [EMAIL PROTECTED] writes: If you want a VPN that road warriors can use, you have to do it with IP-over- TCP. Nothing else survives NAT and agressive firewalling, not even Microsoft PPTP. IP-over-TCP has some potential performance problems, see

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-09 Thread Perry E. Metzger
Peter Clay [EMAIL PROTECTED] writes: Having spent much of the past few weeks trying to sort out a workable VPN solution, I think this is a good but doomed idea. http://vpn.ebootis.de/ has the best free windows IPsec configuration tool I've found, but that doesn't help. Why? Because IPsec

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-09 Thread Ng Pheng Siong
On Thu, Oct 09, 2003 at 01:56:47AM +1300, Peter Gutmann wrote: I would add to this the observation that rather than writing yet another SSL library to join the eight hundred or so already out there, it might be more useful to create a user-friendly management interface to IPsec implementations

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-09 Thread Ben Laurie
Jill Ramonsky wrote: Too late. I've already started. Besides which, posts on this group suggest that there is a demand for such a toolkit. I think there's demand in the sense that there's demand for free lunches. People would like the inherent complexity to go away, because they can see that

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-08 Thread Arcane Jill
PROTECTED]; [EMAIL PROTECTED] Subject: Re: Open Source (was Simple SSL/TLS - Some Questions) I think that rather than spending time on deciding what to call this library that is to-be-written, and how to license this library that is to-be-written, that time should be spent on, well, writing

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-08 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: I think that rather than spending time on deciding what to call this library that is to-be-written, and how to license this library that is to-be-written, that time should be spent on, well, writing it. :) I would add to this the observation that rather than

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-08 Thread Jill Ramonsky
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 1:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Open Source (was Simple SSL/TLS - Some Questions) Rich Salz [EMAIL PROTECTED] writes: I would add

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-07 Thread Rich Salz
I took the initial view that closed source and trustable crypto are mutually incompatible Of course this isn't true. When is the last time you built your own ATM or credit-card POS terminal? Claims such as Download this app and you will be secure should definitely need to be proven, and

RE: Simple SSL/TLS - Some Questions

2003-10-07 Thread Jerrold Leichter
| From: Jill Ramonsky [EMAIL PROTECTED] | From: Ian Grigg [mailto:[EMAIL PROTECTED] | | The only question I wasn't quite sure of | was whether, if I take your code, and modify it, | can I distribute a binary only version, and keep | the source changes proprietary? | | You can't

Re: Simple SSL/TLS - Some Questions

2003-10-07 Thread Ralf Senderek
On Mon, 6 Oct 2003, Ian Grigg wrote: (answering Jill's questions) The only question I wasn't quite sure of was whether, if I take your code, and modify it, can I distribute a binary only version, and keep the source changes proprietary? I'd strongly recommend to think about some code-signing

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Eric Rescorla
Jill Ramonsky [EMAIL PROTECTED] writes: Eric raised some points which I should address. First, he asked me You have read the RFC, right?. Well I guess I should be honest here and say no, I hadn't done that yet. Maybe that's where I went wrong, and would have asked fewer dumb questions if I

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Zooko O'Whielacronx
Jill Ramonsky [EMAIL PROTECTED] wrote: I confess ignorance in matters concerning licensing. The basic rules which I want, and which I believe are appropriate are: (i) Anyone can use it, royalty free. Even commercial applications. (ii) Anyone can get the source code, and should be able to

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Eric Rescorla
Florian Weimer [EMAIL PROTECTED] writes: Jill Ramonsky wrote: My question is, how much of a problem is this for the embedded market? Have you looked at GNU Pth? It's a non-preemptive threading package which should be reasonably portable. I don't know the TLS/ASN.1 formats by heart, but

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Ian Grigg
Jill Ramonsky wrote: First, the primary design goal is simple to use. This is the highest goal of all. If it is not simple to use, it misses out on a lot of opportunities. And missing out results in less crypto being deployed. If you have to choose between simple-but-incomplete, versus

OOAPI-SSL/TLS (Was: Simple SSL/TLS - Some Questions)

2003-10-04 Thread Hadmut Danisch
On Fri, Oct 03, 2003 at 05:55:25PM +0100, Jill Ramonsky wrote: Having been greatly encouraged by people on this list to go ahead with a new SSL implementation, That's a pretty good idea, I also encourage you (and volunteer to support). The main point of confusion/contention right now

Re: OOAPI-SSL/TLS (Was: Simple SSL/TLS - Some Questions)

2003-10-04 Thread Zooko O'Whielacronx
Rich Salz wrote: You know about Wei's Crypto++, right? I use it and like it. I don't have to dig into the guts very often, which is good because I don't like mucking around in C++. You have to understand templates to understand the API. The docs are spartan, but the design is clean so it

Simple SSL/TLS - Some Questions

2003-10-03 Thread Jill Ramonsky
Having been greatly encouraged by people on this list to go ahead with a new SSL implementation, it looks like I am going to go for it, but I'd kinda like to not make any enemies in the process so I'll try to keep this list up to date with progress and decisions and stuff ... and I will ask a

Re: Simple SSL/TLS - Some Questions

2003-10-03 Thread Eric Rescorla
Jill Ramonsky [EMAIL PROTECTED] writes: Now - SSL or TLS - this confuses me. From what I've read in Eric's book, SSL version 3.0 or below is called SSL, wheras SSL version 3.1 or above is called TLS. I wouldn't use quite that terminology. Noone talks about SSL version 3.1, but rather TLS 1.0.

Re: Simple SSL/TLS - Some Questions

2003-10-03 Thread Guus Sliepen
On Fri, Oct 03, 2003 at 05:55:25PM +0100, Jill Ramonsky wrote: It's worth summing up the design goals here, so nobody gets confused. Trouble is, I haven't figured out what they should all be. The main point of confusion/contention right now seem to be (1) should it be in C or C++?, (2)

Re: Simple SSL/TLS - Some Questions

2003-10-03 Thread Roy M. Silvernail
iang wrote: Jill Ramonsky wrote: It's worth summing up the design goals here, so nobody gets confused. Trouble is, I haven't figured out what they should all be. The main point of confusion/contention right now seem to be (1) should it be in C or C++?, C. And write C++ wrappers or