On 19.08.2008 at 14:20, Eric Rescorla wrote:
And of course, this library will be totally perfect, not need any maintenance, etc.
It's a *huge* difference if someone who doesn't have an idea about crypto tries to implement it using OpenSSL in some Jabber client or if they use a library that is ready to use, written by some people who know much about cryptography. It's like you tell a database programmer who never did anything with graphics to write a 3D engine.
I'm certainly sensitive to the complaint that libraries like OpenSSL give the programmer too much freedom, but that seems to me to be primarily an issue of providing an appropriate wrapper API. I don't see that that motivates designing an entirely new protocol which must then be maintained, and also requires a new implementation that must itself be maintained. This has proven to be a significant amount of work for all the COMSEC protocols of which I am aware, and given that XSF's expertise isn't primarily in COMSEC, I don't see any reason to expect that its experience would be different.
Sure, we could have something like libxmpptls. -- Jonathan
